bigfix enterprise suite (bes)support.bigfix.com/product/documents/bes_console... · of the various...

BigFix® Enterprise Suite (BES)™

Console Operator’s Guide

BigFix, Inc.

Emeryville, CA

Last Modified: June 2, 2009

Version 7.2

BES Console Guide Page ii

© 2009 by BigFix, Inc.

© 2009 BigFix, Inc. All rights reserved.

BigFix®, Fixlet

®, Relevance Engine

®, Powered by BigFix™ and related BigFix logos are

trademarks of BigFix, Inc. All other product names, trade names, trademarks, and logos used in this documentation are the property of their respective owners. BigFix’s use of any other company’s trademarks, trade names, product names and logos or images of the same does not necessarily constitute: (1) an endorsement by such company of BigFix and its products, or (2) an endorsement of the company or its products by BigFix, Inc.

Except as set forth in the last sentence of this paragraph: (1) no part of this documentation may be reproduced, transmitted, or otherwise distributed in any form or by any means (electronic or otherwise) without the prior written consent of BigFix, Inc., and (2) you may not use this documentation for any purpose except in connection with your properly licensed use or evaluation of BigFix software and any other use, including for reverse engineering such software or creating derivative works thereof, is prohibited. If your license to access and use the software that this documentation accompanies is terminated, you must immediately return this documentation to BigFix, Inc. and destroy all copies you may have. You may treat only those portions of this documentation specifically designated in the “Acknowledgements and Notices” section below as notices applicable to third party software in accordance with the terms of such notices.

All inquiries regarding the foregoing should be addressed to:

BigFix, Inc.

1480 64th Street, Suite 200

Emeryville, California 94608

BES Console Guide Page iii


Contents

PREFACE ___________________________________________________________ 1

INTRODUCTION ______________________________________________________ 2 INTRODUCING BES............................................................................................................ 2

USING THE PROGRAM ________________________________________________ 3 OVERVIEW OF THE BES SYSTEM ........................................................................................ 3 A TYPICAL INSTALLATION ................................................................................................... 3 INTRODUCING THE BES CONSOLE ...................................................................................... 5 OPERATING BASICS ........................................................................................................... 7

FIXLET MESSAGES __________________________________________________ 10 INTRODUCING FIXLET MESSAGES ...................................................................................... 10 VIEWING FIXLET MESSAGES ............................................................................................. 10 MONITORING FIXLET MESSAGES ....................................................................................... 11 COMMENTING ON FIXLET MESSAGES ................................................................................. 12 CREATING CUSTOM COPIES ............................................................................................. 12 CREATING FIXLET MESSAGES ........................................................................................... 12 HIDING FIXLET MESSAGES ............................................................................................... 13 INTRODUCING RELEVANCE ............................................................................................... 14 VIEWING RELEVANCE EXPRESSIONS ................................................................................. 15

TASKS ____________________________________________________________ 17 INTRODUCING TASKS ....................................................................................................... 17 VIEWING TASKS .............................................................................................................. 17 MONITORING TASKS ........................................................................................................ 18 COMMENTING ON TASKS .................................................................................................. 18 CREATING CUSTOM COPIES ............................................................................................. 19 CREATING TASKS ............................................................................................................ 19 HIDING TASKS................................................................................................................. 20 ADJUSTING SETTINGS TASKS ........................................................................................... 20 VIEWING RELEVANCE EXPRESSIONS ................................................................................. 21

BASELINES ________________________________________________________ 22 INTRODUCING BASELINES ................................................................................................. 22 VIEWING BASELINES ........................................................................................................ 22 MONITORING BASELINES .................................................................................................. 23 COMMENTING ON BASELINES ............................................................................................ 23 CREATING CUSTOM COPIES ............................................................................................. 24 CREATING BASELINES...................................................................................................... 25 HIDING BASELINES .......................................................................................................... 26

BES Console Guide Page iv


ACTIONS __________________________________________________________ 27 INTRODUCING ACTIONS .................................................................................................... 27 VIEWING ACTIONS ........................................................................................................... 27 MONITORING ACTIONS ..................................................................................................... 28 DEFAULT ACTIONS .......................................................................................................... 29 MAKING AN OFFER .......................................................................................................... 29 COMMENTING ON ACTIONS ............................................................................................... 30 DEPLOYING THE ACTION .................................................................................................. 30 STOPPING AN ACTION ...................................................................................................... 31 RESTARTING AN ACTION .................................................................................................. 31 CUSTOM ACTIONS ........................................................................................................... 31

CLIENT COMPUTERS ________________________________________________ 33 INTRODUCING CLIENT COMPUTERS ................................................................................... 33 MONITORING COMPUTER STATUS ..................................................................................... 33 COMMENTING ON COMPUTERS ......................................................................................... 34 CREATING RETRIEVED PROPERTIES .................................................................................. 34 GROUPING COMPUTERS .................................................................................................. 35 LOCKING COMPUTERS ..................................................................................................... 36 REMOVING COMPUTERS .................................................................................................. 37 RESTORING RETRIEVED PROPERTIES ................................................................................ 37 CREATING CLIENT DASHBOARDS ...................................................................................... 37

COMPUTER GROUPS ________________________________________________ 41 INTRODUCING COMPUTER GROUPS ................................................................................... 41 COMMENTING ON COMPUTER GROUPS .............................................................................. 41 CREATING MANUAL COMPUTER GROUPS ........................................................................... 42 CREATING AUTOMATIC COMPUTER GROUPS ...................................................................... 42 REMOVING COMPUTER GROUPS ....................................................................................... 42

ANALYSES _________________________________________________________ 43 INTRODUCING ANALYSES ................................................................................................. 43 VIEWING ANALYSES ......................................................................................................... 43 MONITORING ANALYSES................................................................................................... 44 COMMENTING ON ANALYSES ............................................................................................ 44 CREATING ANALYSES ...................................................................................................... 45 EDITING ANALYSES ......................................................................................................... 45 HIDING ANALYSES ........................................................................................................... 46 REPORTING ON ANALYSES ............................................................................................... 46

OPERATORS _______________________________________________________ 47 INTRODUCING OPERATORS............................................................................................... 47 MONITORING OPERATORS ................................................................................................ 47 ASSIGNING MANAGEMENT RIGHTS .................................................................................... 47

BES Console Guide Page v


FIXLET SITES _______________________________________________________ 49 INTRODUCING FIXLET SITES ............................................................................................. 49 SELECTING SITES............................................................................................................ 49 VIEWING SITE PROPERTIES .............................................................................................. 50 CANCELING A SUBSCRIPTION ............................................................................................ 50 CREATING CUSTOM SITES ................................................................................................ 51 RESTRICTING COMPUTERS ............................................................................................... 51 RESTRICTING READERS ................................................................................................... 52

DISPLAYS AND REPORTS ____________________________________________ 53 INTRODUCING WEB REPORTS ........................................................................................... 53 WEB REPORTS OVERVIEW ............................................................................................... 54 VIEWING WEB REPORTS .................................................................................................. 56 CREATING WEB REPORTS ................................................................................................ 57 VISUALIZING DATA ........................................................................................................... 60 VIEWING DASHBOARDS .................................................................................................... 61

RELAYS AND SERVERS ______________________________________________ 62 UNDERSTANDING BES RELAYS ........................................................................................ 62 BES RELAY REQUIREMENTS............................................................................................. 63 USING BES RELAYS ........................................................................................................ 63 AUTOMATIC RELAYS ........................................................................................................ 63 MANUALLY ASSIGNING MULTIPLE CLIENTS ......................................................................... 64 MANUALLY ASSIGNING SINGLE CLIENTS ............................................................................ 64 SETTING UP A BES RELAY .............................................................................................. 64 ADJUSTING THE BES SERVER AND RELAYS ....................................................................... 65 DYNAMIC BANDWIDTH THROTTLING ................................................................................... 66

UNMANAGED ASSETS _______________________________________________ 68 VIEWING UNMANAGED ASSETS ......................................................................................... 68 MONITORING UNMANAGED ASSETS ................................................................................... 69

MENUS ____________________________________________________________ 70 FILE MENU ..................................................................................................................... 70 EDIT MENU ..................................................................................................................... 71 VIEW MENU .................................................................................................................... 74 TOOLS MENU .................................................................................................................. 75 DASHBOARDS MENU........................................................................................................ 77 WIZARDS MENU .............................................................................................................. 78 WINDOW MENU ............................................................................................................... 79 HELP MENU .................................................................................................................... 79

BES Console Guide Page vi


DIALOGS __________________________________________________________ 80 ABOUT BES CONSOLE .................................................................................................... 80 ACTION: COMPUTERS ...................................................................................................... 80 ACTION DOCUMENT ......................................................................................................... 81 ACTION HISTORY TAB ...................................................................................................... 82 ACTION SITE SIGNING KEY ............................................................................................... 82 ACTION PARAMETER........................................................................................................ 82 ACTION PROGRESS REPORT ............................................................................................ 83 ACTION SCRIPT TAB ........................................................................................................ 84 ACTION SETTINGS ........................................................................................................... 84 ACTION: SUMMARY .......................................................................................................... 85 ACTION: TARGET ............................................................................................................. 86 ACTIONS TAB .................................................................................................................. 87 ADD COMMENT ............................................................................................................... 88 ADD CUSTOM SETTING .................................................................................................... 88 ANALYSES TAB ............................................................................................................... 89 ANALYSIS DOCUMENT ...................................................................................................... 91 APPLICABLE COMPUTERS TAB .......................................................................................... 92 APPLICABILITY TAB .......................................................................................................... 92 ASSIGN USER MANAGEMENT RIGHTS ................................................................................ 92 BASELINE COMPONENT APPLICABILITY TAB ........................................................................ 93 BASELINE DOCUMENT ...................................................................................................... 94 BASELINES TAB............................................................................................................... 95 CHANGE DATABASE PASSWORD ....................................................................................... 96 CHANGE PRIVATE KEY PASSWORD ................................................................................... 97 COMMENTS .................................................................................................................... 97 COMPONENT APPLICABILITY TAB ...................................................................................... 97 COMPONENTS TAB .......................................................................................................... 98 COMPUTER: ACTION HISTORY .......................................................................................... 98 COMPUTER: APPLICABLE TASKS ....................................................................................... 98 COMPUTER DOCUMENT ................................................................................................... 99 COMPUTER GROUP: ACTIONS ........................................................................................... 99 COMPUTER GROUP: ANALYSES ...................................................................................... 100 COMPUTER GROUP: BASELINES...................................................................................... 100 COMPUTER GROUP: COMPUTERS ................................................................................... 100 COMPUTER GROUP: DESCRIPTION .................................................................................. 101 COMPUTER GROUP DOCUMENT ...................................................................................... 101 COMPUTER GROUP: FIXLET MESSAGES ........................................................................... 102 COMPUTER GROUP: REPORTING COMPUTERS ................................................................. 102 COMPUTER GROUP: TASKS ............................................................................................ 103 COMPUTER GROUPS TAB ............................................................................................... 103 COMPUTER: MANAGEMENT RIGHTS ................................................................................. 104 COMPUTER: RELEVANT BASELINES ................................................................................. 104 COMPUTER: RELEVANT FIXLET MESSAGES ...................................................................... 105 COMPUTER: SUMMARY .................................................................................................. 105 COMPUTERS TAB .......................................................................................................... 106 CONNECT TO DATABASE ................................................................................................ 107 CONSOLE OPERATOR: ADMINISTERED COMPUTERS .......................................................... 107 CONSOLE OPERATOR DOCUMENT ................................................................................... 108 CONSOLE OPERATOR: ISSUED ACTIONS .......................................................................... 109 CONSOLE OPERATOR: MANAGEMENT RIGHTS ASSIGNMENT .............................................. 109 CONSOLE OPERATORS TAB ............................................................................................ 109 CREATE ANALYSIS ........................................................................................................ 110 CREATE ANALYSIS PROPERTIES TAB ............................................................................... 111

BES Console Guide Page vii


CREATE AUTOMATIC COMPUTER GROUP ......................................................................... 111 CREATE CUSTOM SITE................................................................................................... 112 DASHBOARD DOCUMENT ................................................................................................ 112 DESCRIPTION TAB ......................................................................................................... 113 DETAILS TAB ................................................................................................................ 113 EDIT ACTIONS TAB ........................................................................................................ 114 EDIT BASELINE ............................................................................................................. 115 EDIT COMPONENTS TAB ................................................................................................ 116 EDIT DESCRIPTION TAB ................................................................................................. 117 EDIT FIXLET MESSAGE................................................................................................... 117 EDIT PROPERTIES TAB................................................................................................... 118 EDIT RELEVANCE TAB.................................................................................................... 119 EDIT SCRIPT ELEMENT .................................................................................................. 120 EDIT SETTINGS FOR COMPUTER ..................................................................................... 120 EDIT COMPUTER SETTINGS ............................................................................................ 122 EDIT TASK MESSAGE ..................................................................................................... 123 ENTER PRIVATE KEY ..................................................................................................... 123 EXECUTION TAB ............................................................................................................ 124 FIND ............................................................................................................................ 126 FIXLET DOCUMENT ........................................................................................................ 127 FIXLET MESSAGES TAB .................................................................................................. 128 HELP FOR THE BES CONSOLE ........................................................................................ 130 IMPORT CONTENT ......................................................................................................... 130 LAUNCH WEB REPORTS ................................................................................................. 131 MAIN CONSOLE WINDOW ............................................................................................... 131 MANAGE PROPERTIES ................................................................................................... 133 MANAGE SITES ............................................................................................................. 135 MANUAL COMPUTER GROUPS ........................................................................................ 135 MESSAGES TAB ............................................................................................................ 136 MODIFY SITE SUBCRIPTIONS .......................................................................................... 137 NAVIGATION BAR .......................................................................................................... 137 OFFER TAB .................................................................................................................. 137 POST-ACTION TAB ........................................................................................................ 138 POST-EXECUTION TAB ................................................................................................... 139 PRE-EXECUTION TAB .................................................................................................... 140 PREFERENCES .............................................................................................................. 141 PRESENTATION DEBUGGER ............................................................................................ 142 RECENT COMMENTS ...................................................................................................... 143 RESULTS TAB ............................................................................................................... 143 SETTINGS TAB .............................................................................................................. 143 SITE PROPERTIES ......................................................................................................... 144 SITE READERS .............................................................................................................. 145 SITE SUBSCRIPTION ...................................................................................................... 146 SUCCESS CRITERIA TAB ................................................................................................ 147 TAKE ACTION ................................................................................................................ 147 TAKE MULTIPLE ACTIONS ............................................................................................... 148 TARGET TAB ................................................................................................................. 150 TASK DOCUMENT .......................................................................................................... 151 TASKS TAB ................................................................................................................... 152 UNMANAGED ASSETS .................................................................................................... 153 UNMANAGED ASSETS: SUMMARY .................................................................................... 154 USERS TAB .................................................................................................................. 154 VIEW ACTION INFO ........................................................................................................ 155 VIEW WEB REPORTS ..................................................................................................... 155 VISUALIZATION PARAMETERS: COLORIZATION .................................................................. 155

BES Console Guide Page viii PREFACE


VISUALIZATION PARAMETERS: COMPUTERS ..................................................................... 156 VISUALIZATION PARAMETERS: GENERAL .......................................................................... 156 VISUALIZATION TOOL ..................................................................................................... 157 WEB REPORTS ............................................................................................................. 158 WEB REPORTS: CREATE ................................................................................................ 159 WEB REPORTS: ADVANCED ............................................................................................ 160 WEB REPORTS: DATABASE ............................................................................................ 160 WEB REPORTS: EMAIL ................................................................................................... 160 WEB REPORTS: OVERVIEW ............................................................................................ 161 WEB REPORTS: REPORTS .............................................................................................. 161 WEB REPORTS: SCHEDULE ............................................................................................ 162 WEB REPORTS: USERS.................................................................................................. 162

GLOSSARY _______________________________________________________ 163

INDEX ____________________________________________________________ 165

BES Console Guide Page 1 PREFACE


Preface

The BES Console Guide describes the operation of the BigFix Enterprise Suite (BES) Console from BigFix®, Inc. It includes a complete description of the interface, as well as step-by-step

instructions for using the program. This guide also shows you how to optimize the performance

of the various suite components, including BES Servers, Relays and Clients. This guide

doesn’t, however, discuss the installation of the software. For that information, see the BES

Administrator’s Guide or the BES Evaluation Guide.

Audience This guide is for administrators who are using BES to monitor and remediate large networks of

computers using continuously updated Fixlet® information from BigFix, Inc. BES also allows properly authorized administrators to create and target their own network queries and actions,

either by modifying existing Fixlets or by creating new ones from scratch.

A master Console operator can manage the rights and scope of other Console operators,

allowing subsets of your network to be administered by divisional or regional managers. Both master and ordinary BES Console operators can benefit from this guide.

Organization of this Guide This guide is composed of four major sections:

Using the Program. This section provides step-by-step instructions for using all the major

features of the BigFix Enterprise Suite of programs.

Menus. This section covers all the menu items available in the BES Console.

Dialogs. This section discusses each the dialogs used by the BES Console to input and display network information.

Glossary. This section provides a description of the terms used in this guide.

BES Console Guide Page 2 INTRODUCTION


Introduction

Introducing BES

The BigFix Enterprise Suite (BES) solves the increasingly complex problem of keeping your critical systems updated, compatible and free of security holes. The BES Console uses patented Fixlet® technology to identify

vulnerable or aberrant computers on your network and then allows authorized personnel to correct these issues

across any subset of the network with a few simple mouse-clicks.

Rolling out a security patch or a software update can be accomplished in minutes, allowing you to keep a step ahead of potential network problems while maintaining a standardized operating environment. You can track

the progress of each computer as updates are applied, making it easy to gauge the level of compliance across

your entire enterprise.

BES allows you to create and print an audit trail of each issue and its resolution to meet regulatory or policy

guidelines. At any time and from any browser, you can view or print graphs and reports summarizing conditions

across hundreds of thousands of networked computers.

Using an exhaustive library of Windows, Macintosh, Unix and Linux Inspectors, BES can retrieve useful

computer properties from each of the BES Clients. These properties can be used to target your own Fixlet

messages, tasks and actions. You can also use these retrieved properties to generate customized, continuously

updated reports, graphs and 3D maps of your network.

Starting with version BES version 7.0, you can also communicate directly with all your networked users

through a new BES Client interface. You can offer them a menu of authorized choices so they can customize

their solutions within corporate guidelines. For instance, you might offer a collection of approved, compatible

graphics programs and let your users choose the one that best suits their needs.

BES Console Guide Page 3 USING THE PROGRAM


Using the Program

Overview of the BES System

The BES system has the following main components:

BES Clients are installed on every computer you wish to manage under BES. They access a collection of Fixlet messages that seek out security holes, vulnerabilities and deviations from the desired operating

environment. If a vulnerability is found, the BES Client can then implement corrective actions received

from the BES Console. In most cases, the BES Client operates silently, without any direct intervention

from the end user. However, should you need to solicit user response, BES also allows you to provide screen prompts.

BES Servers are collections of interacting server applications that form the heart of the BES system.

They coordinate the flow of information to and from individual BES Clients and store the results in the BES database(s). BigFix version 7.0 is the first to support multiple servers, adding a robust redundancy

to the system.

BES Relays increase the efficiency of the system. Instead of requiring every networked computer to directly access the BES Server, relays can be used to offload much of the burden. Hundreds of BES

Clients can point to a BES Relay for downloads, which in turn makes only a single request of the

server. BES Relays can connect to other relays as well, further increasing efficiency. BES can also

automate the relay setup, dynamically determining the best configuration for the current state of your network.

The BES Console ties all these components together to provide a system-wide view of your networked

computers, along with their vulnerabilities and suggested remedies. As an authorized user, the BES Console allows you to quickly and simply distribute a fix to exactly those computers that need it -- with

zero impact on the rest of the network. The BES Console can be run on any computer that has network

access to the BES Server.

Web Reports let you produce charts and graphs of your data, providing you with hard copy and helping you to maintain an audit trail of all the Fixlet activity on your network. It allows you to export

this data for further manipulation in a spread sheet or database. The Web Reports program also allows

you to aggregate information from additional BES Servers that you may have installed in your organization. This important feature allows an organization with hundreds of thousands of computers to

be quickly and easily visualized.

The Visualization Tool lets you view all the computers on your network as a 3D graph. With this tool, you can easily spot problems and track deployments across a far-flung network. Specify a color scheme

to target specific computer properties, the status of actions or Fixlet relevance. For better views, you

can rotate the graph to emphasize specific subsets of your network.

A Typical Installation

A typical BES installation has at least one BES Server that gathers Fixlet messages from the Internet. These messages can be viewed by the BES Console operator and distributed to the BES Relays, which forward the

data on to the BES Clients. Each BES Client inspects its local computer and reports any relevant Fixlet

messages back to the BES Relays, which compress the data and pass it back up to the servers.

The BES Console oversees this activity. It connects to the BES Server and periodically updates its display to reflect changes or new knowledge about your network. When vulnerabilities are discovered, the BES Console



operator can then target patches or other fixes to the appropriate computers. The progress of the fixes can be

followed in near real-time as they spread to all the relevant computers and, one by one, eliminate bugs and

vulnerabilities.

BES is flexible enough to connect to a distant office over a VPN and will even allow home-based workers or on-the-road sales staff to connect over the Internet to a firewall-protected BES Relay in a DMZ. This simple

hierarchy can be extended and deepened to accommodate networks of virtually any size.

A typical deployment of the BigFix Enterprise Suite (BES).



Introducing the BES Console

The Main Console window for the BigFix® Enterprise Suite (BES) has an upper panel with several main tabs.

To operate the Console, click one of the tabs and then double-click an item from the resulting list. That will

open a document in the bottom window with more detailed information about the selected item.

Navigation Bar: This vertical panel on the left provides a quick way to navigate the many functions of the BES Console. You can open or close the various main topics, and you can eliminate the Navigation

Bar itself by clicking on the close icon (X) in the upper right corner of the bar.

Main Tabs: The top-level object tabs for BES include:

Fixlet Messages: Displays a list of Fixlet messages that are relevant on the various BES Client computers on your network. These Fixlet messages are targeted only to affected computers and

no others.

Tasks: Displays a list of tasks, which are similar to Fixlet messages, but designed to execute certain recurring tasks to fine-tune your network or keep it in compliance with corporate

standards.

Baselines: Displays a list of Baselines that can be used to apply a group of related Fixlets and

Tasks automatically to any given subset of computers. Actions: Displays a list of the Actions that have been or are currently running across your

network.

Computers: Displays a list of the BES Client computers on your network, along with several useful properties retrieved from those computers.

Computer Groups: Displays a list of user-defined computer groups, allowing you to map

computers to departments, functionality, location, etc. Analyses: Displays a list of Analyses, which are documents that can track specific properties of

your networked computers.

Console Operators: Displays a list of authorized BES Console operators.

Filter Panel: This set of folders and icons (upper left) contains specific field values that you can use to narrow down the list panel to the right. For instance, after clicking the Fixlet Messages tab, you might

open the Source Severity folder under All Relevant Fixlet Messages and select Critical to filter the

list down to critical Fixlet messages only. List Panel: This is the listing, as filtered by the filter panel (above). You can sort the list by clicking on

the column headers. You can also rearrange the headers by dragging them left or right. In addition,

most of the list panels let you right-click the headers to see a pop-up menu containing a list of all the fields. Check those you want to use as headers.

Right-click Menu: This is the context menu that shows up when you right-click any item in a

list. Each different list has a unique context menu.

Document Area: Below the tabbed area is a document window. When you double-click an item from any list, it will open a detailed document in this area. The following discusses elements of one

particular document -- the Fixlet message:

Document tabs: Each type of document has a unique set of tabs to go along with it. For a Fixlet message, the tabs include items such as Description, Details, Applicable Computers and

Action History.

Fixlet Message: If a Fixlet message is opened from the list, the default Description tab is

selected and the Fixlet document will explain the issue in plain English. Action Button: A Fixlet document typically contains at least one Action, represented by a link

or button. Click it to deploy the action across your network.



Below is a screen shot from a typical session. The Fixlet Messages tab is selected, and the user is viewing the

description of a message opened from the list panel:

Filter Panel Main Tabs List Panel Right-click Menu

Navigation Bar Action Button Document Tabs Fixlet Message

In general, as the BES Console operator, you'll view the list of Fixlet messages, open each one and see what the issues are. Each Fixlet message will describe a problem that has been discovered on some BES Client. The

Fixlet document in the bottom panel presents you with a short, clear explanation of the problem. If you wish,

you can inspect the actual code used in the Relevance Expressions and the proposed actions by clicking the

Details tab.

Once you decide to deploy the action to the relevant computers, just click on the action (represented by a button or a hyperlink in the Fixlet Window) and follow the prompts. After deploying the action, the affected BES

Clients will be fixed and will no longer report the problem, so the Fixlet will disappear.

You can set preferences that govern how responsive and secure you want your Fixlet network to be. To change

the default values, select Preferences from the File menu.



Operating Basics

The BigFix Enterprise Suite is a powerful and feature-packed program that may seem overwhelming to a new

user. Fortunately, once you master the typical workflow, the operation becomes straightforward and intuitive.

Let's run through a sample session:

1. Start up the BES Console. 2. From the Navigation Bar on the left, choose View All Relevant Fixlet Messages. This opens the Fixlet

mesages tab and displays the Fixlet messages that are currently applicable to your network.

Or, if you're short on screen space, you can dismiss the Navigation Bar and click the tab labeled Fixlet

Messages. You'll see two panels, side by side.

The left panel offers a way to filter the list in the right panel which, in turn, displays all the issues that

are relevant to your network of computers.



3. Open up a folder in the filter panel (on the left) and select a filter. For instance, open the Source

Severity folder and click on Important or Critical. The list to the right will now be filtered to display

just those Fixlet messages. 4. In the right panel, double-click on a Fixlet message of interest. A document will open up in the lower

panel:

This is the text of the Fixlet message, which will give you the information you need to decide on

deployment.

5. At the bottom of the message you will find one or more links that will initiate actions to fix the afflicted

computers. Click on the action that seems most appropriate. A Take Action dialog box will open:



6. Use the target tab to select the computers you wish to target. There are many techniques for deploying

actions:

The first targeting button lets you select the computers you want from the panel on the right, which lists all those computers for which the Fixlet message is currently relevant. The right-

click menu allows you to select all the computers in the list. This technique limits the Fixlet

action to the specified list. Choose the second button to take actions on computers with a set of specified properties. Until

the expiration of the action period, whenever a computer satisfies the given properties it will be

targeted. As with all actions, only the affected computers will actually receive the action.

Choose the third button to specify a list of computers. 7. Use the rest of the tabs to prepare your action, including execution schedules, client messages, extra

scripting and more, then click the OK button.

8. The Fixlet action will now be deployed throughout your network, and will be applied specifically to

each computer that needs it, subject to any filters you put in place.

This is the workflow that you will use for typical computer maintenance and remediation. As you explore the

interface, you will discover that BES can also help you inventory your computers, manage your users and

maintain a detailed audit trail of every patch and upgrade. In each case, you will start with the Navigation Bar

(or the main tabs and menus), use the left panel to filter the list and then find further information in the bottom panel. With this simple overview, you are ready to maintain your network in prime operating condition with a

minimum of fuss.

BES Console Guide Page 10 FIXLET MESSAGES


Fixlet Messages

Introducing Fixlet Messages

Fixlet messages lie at the core of BES functionality. Using Relevance statements, they can target specific computers, remediating just those client computers with an issue and never bothering the computers that don't.

Fixlets come with an Action script that can resolve the issue with a single mouse-click. Typically, when the

Action has completed, the Fixlet detects that the issue is no longer applicable to that computer. As Fixlet

Actions propagate through your network, you can track their progress with the BES Console, Web Reports and the Visualization Tool. Once every computer in your network is remediated, the Fixlet message disappears from

the list. Should the issue reappear, the Fixlet will once again show up in the list, ready to address the issue once

again.

Fixlet messages contain a text description of the issue and may offer several different Actions, including links to more information. Often a Fixlet message will have a default action, allowing you to simply click from the

Fixlet list to deploy it.

Fixlet messages can be grouped into Baselines, allowing even higher levels of automation. If you create a

Baseline of Fixlet messages that contain default Actions, you can turn the tedious chore of maintaining a

common operating environment into a single-click operation.

At any time, you can open a Fixlet message to inspect the Relevance expressions that target the Clients as well as the Action script that will remediate the issue. This gives you a high degree of confidence in the applicability

and efficacy of the remedial Action. You can also see exactly which computers on your network are affected by

each Fixlet message and view a history of the Actions taken on a Client-by-Client basis.

Viewing Fixlet Messages

To display a Fixlet message,

Double-click an entry in any Fixlet list

The body of the Fixlet message will show up in the lower display region (click the Description tab if not

already selected). Each Fixlet message, when selected, gets a window of its own. These windows can be

managed by selecting items from the Window menu.

The Fixlet display region has four tabs:

Description: This is typically an HTML page providing a descriptive explanation of the problem and

one or more actions to fix it. Details: This dialog contains the Fixlet properties such as category, security ID, download size, source,

severity and date. It also lists the code behind the Relevance expressions and the Fixlet actions. At the

bottom of this dialog there is a text box for you to enter a comment that will stay attached to this Fixlet. Applicable Computers: This is a filter/list of all the computers targeted by the selected Fixlet message.

You can filter the list by selecting items from the folders on the left, and sort the list by clicking on the

column headers.



Action History: This is a filter/list of any actions that have been deployed from this Fixlet message. If

the Fixlet message is new, there won't be any actions in the list. Like the other filter/lists in the BES

Console, you can filter the actions using the left panel, and sort them by clicking the column headers.

Don't worry about accidentally clicking on an action hyperlink. Before the actual deployment, you'll get a

chance to modify (or cancel) the action.

Monitoring Fixlet Messages

When Fixlet messages become relevant somewhere on your network, BES will add them to the list of Fixlet

messages to be displayed under the Fixlet Messages tab in the BES Console main window. The Fixlet filter/list

contains entries that include the following information:

Name: The name assigned to the Fixlet message by the author. Source Severity: A measure of how serious a Fixlet message is, assigned by the Fixlet author. Typical

values are Critical, Important, Moderate or Low.

ID: A numerical ID assigned to the Fixlet message by the author. Site: The name of the site that is generating the relevant Fixlet message.

Applicable Computer Count: The number of BES Clients in the network currently affected by the

Fixlet message.

Open Action Count: Number of distinct actions open for the given Fixlet message. Category: The type of Fixlet message, such as a security patch or update.

Download Size: The size of the remedial file or patch that the action will download.

Source: The name of the source company that provided the Fixlet information. Source ID: An identification number assigned to the Fixlet to relate it back to its source.

Source Release Date: The date this Fixlet message was released.

As with all the filter/lists in the BES Console, you can filter this list using the panel of folders on the left. Each

folder contains data groupings that you can use to narrow down the list of Fixlet messages on the right. Then, in

the listing area itself, you can sort the Fixlet messages by clicking a column heading.

For example, you might filter the list by opening the Source Severity folder and selecting Critical to filter out non-critical Fixlet messages. Then you could sort the Fixlet messages by Affected Computer Count (which

shows the number of affected computers) to find which Fixlet messages are relevant to the greatest number of

computers. If you don't see one of the columns listed above, right-click in the Fixlet header and select it from

the pop-up menu.



Commenting on Fixlet Messages

You can attach a comment to a Fixlet Message that other operators can read.

1. Select the Fixlet Messages tab and choose one of the categories in the left panel to narrow down your

list. 2. Select a Fixlet from the list on the right by double-clicking it.

3. From the document panel below, select the Details tab and scroll to the bottom.

4. Type your comment into the text box and click the Add Comment Button.

Your comment will be name- and time-stamped for other operators to view it. In addition to Fixlets, you can

attach comments to Tasks, Actions, Computers and Analyses.

Creating Custom Copies

To clone off a Fixlet message and customize it, first select the Fixlet message in any list, then:

Select Edit > Create Custom Fixlet Message Copy... (or right-click on the Fixlet and select Create

Custom Copy from the pop-up menu).

This brings up the Edit Fixlet Message dialog, described in greater detail in Creating Fixlet Messages.

When you're satisfied with your Fixlet modifications, click OK. Your customized Fixlet needs to be

propagated, so you will be prompted for your private key password. Once you enter it and click OK, your new

Fixlet message will be sent to all networked BES Clients, which will evaluate it for relevance and report back their status. You will now be able to follow the deployment of your own custom Fixlet messages from the BES

Console.

Creating Fixlet Messages

To create your own custom Fixlet message,

Select Tools > Create New Fixlet Message or Advanced > Create Custom Fixlet from the

Navigation Bar.

This brings up a dialog with a text box, a pull-down menu and four tabbed dialogs. Enter the name of your

customized Fixlet message in the top left text box. This will serve as the title when the Fixlet is displayed. You

can use the name for sorting and filtering, so it's worth creating a consistent naming convention to make your

Fixlets more manageable. Then choose the Fixlet site to host it from the Create in site drop-down menu.



Next, click through each of the tabs to define your Fixlet:

Description: Create the text of the Fixlet message in this text area, using the text manipulation toolbar

at the top of the dialog to format the message.

Actions: Define your action in this dialog. Use the buttons at the right to add, delete or change the position of the action. Below that is an area to customize the properties of the action. Choose the Script

Type from the drop-down menu. Below that is a text box where you can enter a new action script or

modify the original. There are three check boxes to the right:

Click this box to create a default action. Include custom settings. Click the Edit box to the right to customize the action settings,

including display messages, execution constraints, automation, and post-action functions.

Define custom success criteria, which allows you to specify the conditions that will define the success of the action.

Relevance: Enter your relevance statement here. This is how you target your Fixlet to specific

computers. For more information on the relevance language, refer to the BigFix Inspector Libraries.

Properties: Set the properties of your Fixlet, including the category, download size, date, severity and more. You can also include the SANS (SysAdmin, Audit, Network, Security) or CVE (Common

Vulnerabilities and Exposures) ID numbers.

When you're satisfied with your Fixlet definitions, click OK. Your Fixlet needs to be propagated, so you will be

prompted for your private key password. Once you enter it and click OK, your Fixlet will be sent to all the BES Clients, which will evaluate it for relevance and report back their status. You will now be able to follow the

deployment of your new Fixlet message from the BES Console.

Hiding Fixlet Messages

You can hide a Fixlet message with the following procedure:

1. From any Fixlet list, select the Fixlet message or messages you want to hide.

2. Right-click on the Fixlet message and select Globally or Locally Hide Fixlet Message from the pop-up

menu (or from the Edit menu).

The selected Fixlet message(s) will no longer be displayed in the Fixlet list. If you elected to hide the Fixlet

locally, it will still be visible to other Console users. If you are a master operator, you can hide a Fixlet globally,

so it will also be hidden to all non-master users.

Fixlet messages that are hidden are still available and you can restore or unhide them at any time. Here's how:

1. Click on the Fixlet Messages tab, then select Locally or Globally Hidden Fixlet Messages from the left filter panel.

2. Right-click on the Fixlet you wish to restore and select the appropriate action from the pop-up menu.

You can unhide or toggle the hiding scope between global and local.

Generally speaking, it isn't necessary to hide Fixlet messages, as you can simply ignore them. The main reason

for hiding a Fixlet message is if you feel that the message isn't relevant to your network and could never be

useful and you want to avoid viewing the message every time you launch the BES Console.



Introducing Relevance

In order to quickly inspect various aspects of a computer, BigFix developed the Relevance Language. This

human-readable language is at the heart of the program and allows Fixlet authors to target actions to just those

computers that need the fix -- and no others. Thus you can feel confident that only broken machines are being

fixed and that the rest are never bothered.

The Relevance Language can query an exhaustive set of computer properties, and do it quickly. Most BES

Console operators will rely on third parties to write Fixlet messages, and so their exposure to the Relevance

Language is not critical to operating the BES Console. However, you can customize the Console with short

lines of code from the Relevance Language (called Relevance Expressions) which grant you an unprecedented

amount of control over the BES Client computers on the network.

A typical Relevance Expression might be:

vendor name of processor

This expression will return the name of the manufacturer of the CPU (Intel or AMD, for instance), which can

then be used to determine relevance.

You can use Relevance Expressions to create retrieved properties which you can then use to organize and filter

the BES Clients on the network. For example, here are some possible properties that might be useful to know

about your BES Client computers:

Property

name Relevance Expression Result

Pentium family name of main processor

contains "Pentium"

True if the processor is a Pentium.

Small

drive

Total space of drive "c:" < 2000000000 True if the drive is smaller than 2GB.

Bad clock absolute value (now - apparent registration server time) > 1 hour

True if the clock is off by more than one hour.

IE Version file version of application

"iexplore.exe" of the registry

Version number of Internet Explorer on a

Windows computer.

Mailto App

application of key "HKEY_CLASSES_ROOT\mailto" of

the registry

On a Windows computer, the name of the app that handles mailto requests from a

browser.

Running

Word

exists running application whose (name

of it as lowercase is "winword.exe")

True if Word is running on a Windows

BES Client computer.

Bios date date of Bios BIOS date on a Windows computer, if it exists.



Processors number of processors The total number of processors in the BES Client computer.

Use the Manage Properties dialog to see how these custom properties work. Click the Add New button,

supply the property name, and type in the Relevance Expression in the text box.

You can experiment and debug your Relevance Expressions using the BES Relevance Debugger that is

automatically installed with the BES Console. Choose the program from the BigFix Enterprise program group. Enter your expressions into the text window and then click the Evaluate button. The program can also format

your expression for easier reading.

There are literally thousands of useful Retrieved Properties — far too many to list here. For a more extensive

list of retrieved properties, check the BigFix Website. For an in-depth discussion of Relevance, refer to the

BigFix Relevance Language Reference.

Viewing Relevance Expressions

When a Fixlet message becomes relevant to some computer on your network, you'll want to know exactly what

triggered it, and what action is suggested. This is easy to investigate, because these items are written in the

BigFix Relevance Language, which is a human-readable language for probing and acting on computers.

To view Relevance Expressions:

1. Double-click on a Fixlet message from any list to bring up a detailed Fixlet document in the bottom window.

2. Select the Details tab.

This will open an HTML page listing the Properties and below that, the Relevance clauses and Action scripts:

BES Console Guide Page 17 TASKS


Tasks

Introducing Tasks

Tasks are similar to Fixlet messages, but are designed for ongoing tasks and as a consequence, they are more persistent. Tasks come with one or more Action scripts that can help you to adjust settings or run maintenance

tasks.

Tasks contain a description of the issue and may have a default action, allowing you to simply click from the

Task list to deploy it.

Tasks and Fixlet messages can be grouped into Baselines, allowing even higher levels of automation.

At any time, you can open a Task to inspect the Relevance expressions that qualify the Clients as well as the

Action script that will address the task.

Viewing Tasks

To display a Task,

Double-click an entry in any Task list

The body of the Task will show up in the lower display region (click the Description tab if not already

selected). Each Task, when selected, gets a window of its own. These windows can be managed by selecting

items from the Window menu.

The Task display region has four tabs:

Description: This is typically an HTML page providing a descriptive explanation of the problem and

an action to fix it. Details: This tab lists the Task Properties, a section detailing the code behind the Relevance

expressions and the Task actions, along with other Task properties. Scroll to the bottom to enter a

comment as a note for yourself or other BES Console operators. Applicable Computers: This is a filter/list of all the computers targeted by the selected Task. You can

filter the list by selecting items from the folders on the left, and sort the list by clicking on the column

headers.

Action History: This is a filter/list of any actions that have been deployed from this Task. If the Task is new, there won't be any actions in the list. Like the other filter/lists in the BES Console, you can filter

the actions using the left panel, and sort them by clicking the column headers.



Monitoring Tasks

When Tasks become relevant somewhere on your network, BES will add them to the list of Tasks to be

displayed under the Tasks tab in the BES Console main window. As with all the filter/lists in the BES Console,

you can filter this list using the panel of folders on the left. Each folder contains data groupings that you can use to narrow down the list of Tasks on the right. Then, in the listing area itself, you can sort the Tasks by clicking a

column heading:

Name: The name assigned to the Task by the author.

ID: An identifying number for this Task.

Category: The type of Task, such as a security patch or update. Site: The name of the site that is generating the relevant Task.

Applicable Computer Count: The number of BES Clients in the network currently affected by the

Task. Open Action Count: Number of distinct actions open for the given Task.


Source Severity: A measure of how serious a Task is, assigned by the Task author. Typical values are

Critical, Important, Moderate or Low. Source: The name of the source organization that provided the Task information.

Source ID: A numerical ID to help track this Task back to its source. This is often left unspecified.

Source Release Date: The date this Task was released.

For example, you might filter the list by opening the Source Severity folder (under All Applicable Tasks) and selecting Critical to filter out non-critical Tasks. Then you could sort the Tasks by Affected Computer Count

(which shows the number of affected computers) to find which Tasks are relevant to the greatest number of

computers. If you don't see one of the columns listed above, right-click in the Task header and select it from the

pop-up menu.

Commenting on Tasks

You can attach a comment to a Task that other operators can read.

1. Select the Tasks tab and choose one of the categories and folders from the left panel to narrow down

your list.

2. Select a Task from the list on the right by double-clicking it. 3. From the document panel below, select the Details tab and scroll to the bottom of the page.


Your comment will be name- and time-stamped for other operators to view it. As well as Tasks, you can attach

comments to Fixlets, Actions, Computers and Analyses.




To clone off a Task and customize it, first select the Task in any list, then:

Select Edit > Create Custom Task Copy... (or right-click on the Task and select Create Custom

Copy from the pop-up menu).

This brings up a dialog with four tabs. At the top of the dialog, you can specify the name of your custom task

and the site that will host the task. Click through each of the tabs below to define your Task:

Description: This dialog lets you describe your custom Task as an HTML page. Edit the text, using the text modification bar at the top.

Action: Select the Action you wish to modify, or click the Add button to create a new Action. In the

main dialog area, type in a new script or customize the existing script. For more information on actions, refer to the BigFix Action Guide. This interface allows you to set the script type, shuffle the order of the

Actions and define the criteria for successful completion.

Relevance: Enter your relevance statement here, or modify the existing relevance statement. This is how you target your Task to specific computers. For more information on the relevance language, refer

to the BigFix Inspector Libraries.

Properties: Customize the properties of your Task, or accept the original properties. Since you have

customized the Task, you should update the source fields to reflect the new authorship. There are fields

here specify the category, download size, source info and the CVE/SANS ID codes.

When you're satisfied with your Task modifications, click OK. Your customized Task needs to be propagated,

so you will be prompted for your private key password. Once you enter it and click OK, your Task will be sent

to all networked BES Clients, which will evaluate it for relevance and report back their status. You will now be

able to follow the deployment of your own custom Tasks from the BES Console.

Creating Tasks

To create your own custom Task,

Select Tools > Create New Task...

This brings up a dialog with four tabs. At the top of the dialog, you can specify the name of your task and the

site that will host the task. Click through each of the tabs below to define your Task:

Description: This dialog lets you describe your Task in an HTML format. Enter the text description of

your Task, using the text modification bar at the top to adjust font, size, etc. In the Action box, enter the prompt you want to accompany your action.

Actions: Select a script type (typically a BigFix Action Script). In the main dialog area, type in your

action script. For more information on actions, refer to the BigFix Action Guide. You can add new Actions here, make one of them the default action, and establish the criteria for successful completion.

Relevance: Enter your relevance statement here. This is how you target your Task to specific

computers. For more information on the relevance language, refer to the BigFix Inspector Libraries.

Properties: Enter the basic properties of your Task, including Category, Download Size, Source, Source ID, Source Release Data, Source Severity and CVE/SANS ID, if any. These properties become

sortable fields in Task listings and Web Reports.



When you're satisfied with your Task definitions, click OK. Your Task needs to be propagated, so you will be

prompted for your private key password. Once you enter it and click OK, your Task will be sent to all the BES

Clients, which will evaluate it for relevance and report back their status. You will now be able to follow the

deployment of your own custom Tasks from the BES Console.

Hiding Tasks

You can hide a Task with the following procedure:

1. From any Task list, select the Task you want to hide.

2. Right-click on the Task and select Globally or Locally Hide Task from the pop-up menu (or from the

Edit menu)

The selected Task(s) will no longer be displayed in the Task list. If you elected to hide the Task locally, it will still be visible to other Console users. If you are a master operator, you can hide a Task globally, so it will also

be hidden to all non-master users.

Items that are hidden are still available and you can restore or unhide them at any time. Here's how:

1. Click on the Tasks tab, then select Locally or Globally Hidden Tasks from the left filter panel.

2. Right-click on the Task you wish to restore and select the appropriate action from the pop-up menu.


Generally speaking, it isn't necessary to hide Tasks, as you can simply ignore them. The main reason for hiding a Task is if you feel that the message isn't relevant to your network and could never be useful and you want to

avoid viewing the message every time you launch the BES Console.

Adjusting Settings Tasks

There are special tasks that are designed to help you manage the settings for your BES Clients, Relays and

Servers.

1. Click on the Tasks tab.

2. Open one of the special task categories in the left panel. To change settings, choose from BES Client

Settings or BES Server/Relay Settings.

3. Select a folder to filter the tasks, if desired. 4. Double-click to select a task from the panel on the right. The task will be displayed in the document

window.

These settings are useful to control the overall speed and responsiveness of the BES network. Throttling your

clients or servers and adjusting your download cache size are a few of the techniques you can use to match the

bandwidth requirements of BES to the power of your computers.



Viewing Relevance Expressions

When a Task becomes relevant to some computer on your network, you'll want to know exactly what triggered

it, and what action is suggested. This is easy to investigate, because these items are written in the BigFix

Relevance Language, which is a human-readable language for probing and acting on computers.

To view Relevance Expressions:

1. Click on the Task tab.

2. Double-click on the desired Task from the list to bring up a detailed Task document in the bottom window.

3. Select the Details tab and scroll down to the Relevance section.

This will display the "brains" behind the Task. Click on show indented relevance to expand the code into a

more readable form. Below the Relevance section is the Action section, which displays the script that will be

executed.

BES Console Guide Page 22 BASELINES


Baselines

Introducing Baselines

Baselines are collections of Fixlet messages and Tasks. They provide a powerful way to deploy a group of

Actions across an entire network with a single command.

Baselines provide a way to maintain a common operating environment, making sure that all users in any given

domain have the same software, patches and drivers. Baselines are easy to set up, simply by selecting the Fixlet

messages, Tasks and other Baselines that you wish to be a part of the group. To limit the scope of a Baseline, a

Relevance expression can be used to target any subset of your network, using IP addresses, computer names,

operating systems and many other qualifiers.

For instance, you might make a Baseline named "All critical hotfixes," and populate it with all the current

critical hotfixes available in the Fixlet list. Or you might create one named "Finance department baseline,"

designed to keep that particular group of computers updated with the latest financial programs, financial tables,

updates and patches.

Viewing Baselines

Baselines allow you to group Fixlet messages and Tasks into a group for simple, one-click deployment. To

display an existing Baseline,

Double-click an entry in any Baseline list

The body of the Baseline will show up in the lower display region. Each Baseline, when selected, gets a

window of its own. These windows can be managed by selecting items from the Window menu.

The Baseline display region has several tabs:

Description: This is typically an HTML page providing a descriptive explanation of the problem and an action to fix it.

Details: This tab lists the Baseline Properties, a section detailing the code behind the Relevance

expressions and the Baseline actions, along with other Baseline properties. Scroll to the bottom to enter a comment as a note for yourself or other BES Console operators.

Components: This tab lists the components, namely the Fixlet messages, Tasks and other Baselines

that are grouped into this Baseline. Baselines make a copy of the components, so it is possible for one

of these copies to get out of sync with the underlying Fixlet or Task that spawned it. If this happens a message will appear saying that the source differs from the copy and allowing you to synchronize with

the current source.

Applicable Computers: This is a filter/list of all the computers targeted by the selected Baseline. You can filter the list by selecting items from the folders on the left, and sort the list by clicking on the

column headers.

Component Applicability: This is a filter/list of the various components of the Baseline. It displays the

number of computers where the Baseline is currently applicable and, after a slash, the number where it it not. Double-click on an item in the list to bring it up for inspection.



Action History: This is a filter/list of any Actions that have been deployed from this Baseline. If the

Baseline is new, there won't be any Actions in the list. Like the other filter/lists in the BES Console,

you can filter the actions using the left panel, and sort them by clicking the column headers.

Monitoring Baselines

When Baselines become relevant somewhere on your network, BES will add them to the list of Baselines to be displayed under the Baselines tab in the BES Console main window. As with all the filter/lists in the BES

Console, you can filter this list using the panel of folders on the left. Each folder contains data groupings that

you can use to narrow down the list of Baselines on the right. Then, in the listing area itself, you can sort the

Baselines by clicking a column heading:

Name: The name assigned to the Baseline by the author.

ID: A numerical ID assigned to the Baseline by the author.

Site: The name of the site that is generating the relevant Baseline. Applicable Computer Count: The number of BES Clients in the network currently targeted by the

Baseline.

Open Action Count: The number of actions open for the given Baseline.

For example, you might filter the list by opening the By Site folder (under All Applicable Baselines) and

selecting a specific site to narrow the list. If you don't see one of the columns listed above, right-click in the

Baseline header and select it from the pop-up menu.

Commenting on Baselines

You can attach a comment to a Baseline that other operators can read.

1. Select the Baselines tab and choose one of the categories and folders from the left panel to narrow

down your list. 2. Select a Baseline from the list on the right by double-clicking it.

3. From the document panel below, select the Details tab and scroll to the bottom of the page.


Your comment will be name- and time-stamped for other operators to view it. As well as Baselines, you can

attach comments to Fixlets, Actions, Computers and Analyses.




To clone off a Baseline and customize it, first select the Baseline in any list, then:

Select Edit > Create Custom Baseline Copy (or right-click on the Baseline and select Create Custom

Copy from the pop-up menu).

This brings up a dialog with four tabs. At the top of the dialog, you can specify the name of your custom

Baseline and the site that will host the Baseline. Click through each of the tabs below to define your Baseline:

Description: This dialog lets you describe your custom Baseline as an HTML page. Edit the text, using the text modification bar at the top.

Components: You can add or customize the components of a Baseline. To add a new component, click

the add components to group link. From the resulting dialog, you can select new Fixlet messages, Tasks and other Baselines to add to the existing Baseline group.

Relevance: Enter your relevance statement here, or modify the existing relevance statement. This

allows you to further constrain your Baseline to specific computers. By default, this Relevance statement is simply TRUE, which leaves the job of targeting to the individual Fixlets and Tasks that

make up the Baseline. For more information on the relevance language, refer to the BigFix Inspector

Libraries.

Properties: Customize the properties of your Baseline, or accept the original properties. Since you have customized the Baseline, you should update the source fields to reflect the new authorship. There

are fields here specify the category, download size, source info and the CVE/SANS ID codes.

When you're satisfied with your Baseline modifications, click OK. Your customized Baseline needs to be

propagated, so you will be prompted for your private key password. Once you enter it and click OK, your Baseline will be sent to all networked BES Clients, which will evaluate it for relevance and report back their

status. You will now be able to follow the deployment of your own custom Baselines from the BES Console.



Creating Baselines

Baselines allow you to gather multiple Fixlets and Tasks into groups that can be applied at once to any set of

target computers. The name Baseline was chosen to suggest a minimal set of conditions that could be applied across your network to ensure compliance with corporate guidelines. To create your own custom Baseline from

scratch, follow these steps:

In a Fixlet or Task list, highlight one or more items and select Add To New Baseline from the context

menu. You can also select Create New Baseline from the Tools menu.

This brings up a dialog with four tabs. At the top of the dialog, you can specify the name of your Baseline and

the site that will host the Baseline. Click through each of the tabs below to define your Baseline:

Description: This dialog lets you describe your Baseline in an HTML format. Enter the text description of your Baseline, using the text modification bar at the top to adjust font, size, etc. In the Action box,

enter the prompt you want to accompany your action.

Components: This tab lets you add components to a Baseline. To add a new component, click the add

components to group link. From the resulting dialog, you can select new Fixlet messages, Tasks and

other Baselines to add to your new Baseline group.

Relevance: Enter your relevance statement here. This allows you to constrain the application of your

new Baseline to specific subsets of computers. The default here is TRUE, which lets the individual Fixlets and Tasks determine the targeting of the Baseline. For more information on the relevance

language, refer to the BigFix Inspector Libraries.

Properties: Enter the basic descriptive properties of your Baseline, including Category, Download Size, Source, Source ID, Source Release Data, Source Severity and CVE/SANS ID, if any. These

properties become sortable fields in Baseline listings and Web Reports.

When you're satisfied with your Baseline definitions, click OK. Your Baseline needs to be propagated, so you

will be prompted for your private key password. Once you enter it and click OK, your Baseline will be sent to

all the BES Clients, which will evaluate it for relevance and report back their status. You will now be able to

follow the deployment of your own custom Baselines from the BES Console.



Hiding Baselines

You can hide a Baseline with the following procedure:

1. From any Baseline list, select the Baseline you want to hide.

2. Right-click on the Baseline and select Globally or Locally Hide Baseline from the pop-up menu (or

from the Edit menu)

The selected Baseline(s) will no longer be displayed in the Baseline list. If you elected to hide the Baseline

locally, it will still be visible to other Console users. If you are a master operator, you can hide a Baseline

globally, so it will also be hidden to all non-master users.


1. Click on the Baselines tab, then select Locally or Globally Hidden Baselines from the left filter panel.

2. Right-click on the Baseline you wish to restore and select the appropriate action from the pop-up menu.


Generally speaking, it isn't necessary to hide Baselines, as you can simply ignore them. The main reason for

hiding a Baseline is if you feel that the message isn't relevant to your network and could never be useful and

you want to avoid viewing the Baseline every time you launch the BES Console.

BES Console Guide Page 27 ACTIONS


Actions

Introducing Actions

Actions represent the core functionality of the BES system. Fixlet messages, Tasks, and Baselines depend on

Actions to execute their remediation mission.

Actions are typically scripts that can customize a specific solution for each BES Client, using the power of

Relevance expressions. Although the Relevance language itself can't alter a Client, it can be used to direct

Actions in a way that parallels the original trigger. For instance, a Fixlet might use the Relevance language to

inspect a file in the system folder. Using a similar Relevance clause, the Action can then target that same file without knowing explicitly where that folder resides. This allows the Action author (and issuer) to concentrate

on the issue at hand without worrying about the vagaries of each individual computer system.

You can inspect an Action script before you execute it by looking at the Details tab of Fixlet messages and

Tasks. You can also write your own custom Action scripts. For more information, see the BigFix Action

Language Reference.

Viewing Actions

To view information about an Action:

Double-click on the desired Action from the list in the Actions tab.

In the bottom panel, there are three tabbed dialogs:

Summary: This tab summarizes the Action, with sections on the status of the Action and the progress

of the download. There is information on the behavior of the Action, including users, execution options

and post Actions. You can also view the actual relevance clause and the text of the Action script. At the bottom of this dialog is a text box where you can insert a comment that will attach to this Action.

Computers: This tab shows you the computers that are reporting in for this Action. If the Action was

originally targeted to specific computers, then a result will be shown for each targeted computer. However, if the Action was originally targeted by properties, only computers that respond are

displayed, and the tab is labeled Reported Computers.

Target: This tab lets you look at the set of computers that were targeted for this Action.



Monitoring Actions

When you decide to take a proposed Action you have several deployment options. For example, you might

schedule the Action to take place unattended after midnight or to take place explicitly with user involvement

during the day.

After Actions have been scheduled, the BES Server attempts to signal individual computers that Actions are

waiting for them. Ideally, the BES Client gathers the Action information from the Action site and carries it out

immediately. More typically however, some computers are powered off and others are mobile and undocked at

the time of the deployment. As soon as these computers are powered on or docked to the network, the remedial

Actions will be applied to them as well.

To monitor a deployed Action:

Click the Actions tab in the main BES Console window. If you haven't yet deployed an Action or all

Actions have completed, this list will be empty. Otherwise, double-click on any Action to view its

status, whether it is evaluating, waiting, running, fixed or failed. You also add comments to the Action,

either for yourself or other operators.

The Actions may go through several states as they are collected, evaluated and run by the clients. These states

include:

Running: The Action is currently executing.

Evaluating: The Action is still evaluating its relevance.

Failed: The Action has failed to execute properly. Cancelled: The user has cancelled the Action.

Download Failed: The Action failed to complete the download.

Locked: The computer is locked and can't execute the action. Offers Disabled: Offers cannot be presented on the specified client, so the Action will never run.

Waiting: The Action is waiting on a user response.

Pending Downloads: The Action is waiting on downloads.

Pending Restart: The Action is waiting for a restart from the Client computer. Pending Message: The Action is waiting for the user to accept the Action message.

Pending Login: The Action is waiting for the user to login for a user-assisted Action.

Pending Offer Acceptance: The Action is waiting for the user to accept the offer. Constrained: The Action has been constrained by a Relevance statement that has failed to become

TRUE.

Expired: The Action has passed its expiration date. Postponed: The Action has been postponed by the Client.

Invalid Signature: The Action can't run due to an invalid signature.

Not Relevant: The Action is not relevant on this Client.

Not Reported: The Action has not reported its success or failure. Error: The Action has resulted in an error.

Fixed: The Action has completed, resolving the issue.



Default Actions

Many Fixlet messages have a default Action. Such a message can have its Action execute automatically,

simplifying the interface:

Right-click on a Fixlet, Task or Baseline object and choose Take Default Action from the pop-up

menu. Or click and select Edit > Take Default Action. (This option is only available when the chosen

Fixlet or Task has a default action).

Often, a suite of related Fixlet messages becomes relevant all at once. If they each have default actions, you can apply all of them as a Multiple Action Group. This is a powerful technique that allows you to fix multiple

vulnerabilities across multiple machines with a couple of mouse-clicks. As with all power tools, you should

exercise caution. Here's how to automate multiple Action deployments:

1. Select (using shift- or ctrl-click) the set of Fixlet messages you want to group. 2. Right-click on one of the highlighted Fixlet messages and choose Take Default Action from the pop-

up menu.

3. From the dialog that pops up, you can refine the targeting of the actions, set an onscreen message, modify the deployment schedule and more.

4. Typically, if any Action in a group fails, the other Actions are stopped as well. If you want to continue

with the other Actions anyway, then check the box labeled Run all member actions of action group

regardless of errors from the Execution tab.

5. Click OK to execute the default action(s).

Making an Offer

You can offer your BES Clients a set of downloads or other actions that they can select at their own discretion

(also referred to as self-provisioning). These offerings are delivered as a type of Custom Action, so they include all the targeting and scheduling you would expect from a typical Action. To advertise such an offer, follow

these steps:

1. Select Tools > Take Custom Action.

2. The Take Action dialog pops up. At the top of this tabbed dialog is a place to provide a Name for your

Action Offering. This field can be sorted and filtered, so a good naming convention will let you get the most out of your lists and reports.

3. Click on the Offer tab.

4. Check the box labeled Make this action an offer. This will make the rest of the dialog editable. 5. Enter a Title for the offering in the text box. This is how your BES Clients will first see the offering, so

the title should be aimed at them.

6. Enter a Category for this offering in the text box. This is an extra field for Client bookkeeping purposes. One company may want offering categories like Installers and Uninstallers; another might

want Applications and Updates.

7. Enter a Description in the appropriate HTML area, outlining the nature of your Offer. As with the other

HTML editors in BES, you can change fonts, sizes, styles, numbering, and formatting to customize the description.

8. Click on the other tabs in the Take Action dialog to further customize the Action that will advertise

your offering. 9. When you're ready to deploy your Offering, click OK.



10. Your Action Offer will be distributed to all the computers that have been specifically targeted. This

select group of users will then be presented with your Offer and prompted to accept it on their own

schedule.

Commenting on Actions

You can attach a comment to Actions that other operators can read.

1. Select the Actions tab and choose one of the categories in the left panel to narrow down your list.

2. Select an Action from the list on the right by double-clicking it.

3. Click on the Summary tab. Scroll to the bottom of the dialog to the Comments section.


Your comment will be name- and time-stamped for other operators to view it. As well as Actions, you can

attach comments to Fixlets, Tasks, Computers and Analyses.

Deploying the Action

At the heart of the BES system is the ability to deploy actions to fix one or many computers. Actions are scripts

that may emply Inspectors to direct the actual scripted changes. Although they do not modify the BES Client themselves, these Inspectors act as universal commands that enable Actions to work across multiple computer

types. Fixlet messages, Tasks and Baselines all have attached Actions that you can target to any of the

computers in your BES network. Here's how:

1. Open a relevant Fixlet or Task from the BES Console by double-clicking it. Make sure the Description

tab is selected. Read the description carefully. 2. Click on the Details tab and research the Action. Examine the Relevance section and the Action script

itself.

3. From the Description tab, click the link or button corresponding to the Fixlet Action. The Take Action dialog box will appear. It will list the name of the action at the top.

4. In the Preset pull-down, you can accept the default setting or select Policy to establish an open-ended

Action with no expiration date.

5. If you wish, you can fine-tune the list of targeted computers using the Target tab. Use the computer tree in the left panel to filter the list in the right panel.

6. Create an optional message that will show up on BES Client computers using the Messages tab.

7. Set the various scheduling constraints and behaviors with the Execution tab. Use the other tabs in this interface to further modify the Action settings.

8. Any BES Operator with Custom Authoring permissions can modify the Action Script as well.

9. Click the OK button at the bottom of the Take Action dialog box. You will be asked for password authentication.

10. Enter the authentication password and click OK.

The action will be propagated to all the computers targeted in the Take Action dialog. Once the action has

executed and the targeted computers are fixed, those computers should no longer report this Fixlet message as

relevant.



Stopping an Action

Should you ever find it necessary to stop execution of an action that has already been deployed but hasn't

expired yet, follow these steps:

1. Click on the Actions tab in the main screen. This will bring up a filter/list panel of all current and

previous actions. You can filter or sort them by State or Time Issued to help you find the action you want to stop.

2. Right-click on the action and choose Stop Action from the pop-up menu. (Or select Stop Action from

the Edit menu).

This will remove the action from the BES Server, which — subject to details of a given computer's network

connectivity and gather frequency — will quickly terminate the action on each computer in the BES system.

If you want to modify an action that has been deployed but hasn't finished running, you must first stop the action as described and then start a new action with the desired characteristics. There is no way to modify the targeting

or scheduling of an action once the deployment is initiated.

Restarting an Action

If you have stopped an action before it finished, you can start it up again with this command:

Select Restart Action from the Edit menu.

This will place the action back on the server, which will then begin to target the action to the relevant machines.

Custom Actions

You can create custom actions to fix problems or address issues across your network that are not covered by the standard content. Although the process is simple to describe, there are a large range of actions and targeting

techniques at your disposal. To create a custom action:

1. Log on to the BigFix Console as an Operator with Custom Content permissions.

2. Select Tools > Take Custom Action. 3. The Take Action dialog pops up. At the top is a place to provide a Name for your custom action. This

field can be sorted and filtered, so a good naming convention will let you get the most out of your lists

and reports.

4. Under the Name field is a pull-down menu that allows you pick a Preset customized action, saving you time and ensuring accuracy. You can also save your current input as a preset for later use. There are two

built-in presets: Default and Policy. Normally, you will select Default, but if you wish to create an

Action that has no expiration date, select Policy. The Preset interface includes the following fields and buttons:

Preset: Select a preset from the pull-down menu.

Show only personal presets: Filter the list of presets to just your personal ones.



Save Preset: Save the current set of action options for later use. This button isn't active until

you make a change to one of the options somewhere in this dialog. When you click this button,

a dialog pops up prompting you for the name of your preset. A check box below that lets you save it as a public or private preset.

Delete Preset: Removes this preset from the selectable list. It brings up a confirmation dialog

allowing you to cancel this command.

5. Under the Presets, there are several tabbed dialogs: Target: Select the targets from the provided list, or use properties or a specific list of

computers to target the action.

Execution: Lets you constrain the execution schedule and allows you to specify the retry behavior for execution and failure.

Users: Lets you run an Action based on user presence. You can also expose specific users or

groups of users to a Client User Interface. Messages: Lets you provide a message to precede and accompany the Action.

Offer: Allows you to advertise the existence of programs or patches that your networked BES

Clients can opt into. This grants extra control to your users to customize their setup.

Post-Action: Describe what actions need to be done to complete the action, including restarts or shutdowns.

Applicability: This tab allows you to modify the original relevance clause.

Success Criteria: This tab allows you to determine what constitutes a successful outcome for the action.

Action Script: This tab allows you to create an action script.

6. Click on the Action Script tab and type in an action script. For more information on the Action Script

dialog, refer to the BigFix Action Guide. 7. Click on the Applicability tab if you would like to fine-tune the targeting of your action script. For

more information about the Relevance language, see the BigFix Relevance Language Reference and

the BigFix Inspector Guides. 8. Click on the Users, Messages, Execution or Post-Action tabs to further customize your action.

9. When you are ready to deploy your custom action, click OK.

10. Your custom action will be distributed to all the computers that have been selected or targeted. The

actions will be applied using whatever execution constraints and schedules you've specified.

BES Console Guide Page 33 CLIENT COMPUTERS


Client Computers

Introducing Client Computers

Client Computers represent those computers in your network running the BES Client. Once the client software is installed, you have a high level of control over these machines, allowing you to maintain common operating

environments, roll out the latest patches, detect spyware, view and summarize properties, create reports, and

much more.

Client computers can have settings applied to handle a multiplicity of features, including the ability to define

and organize corporate departments. Client computers can be automatically grouped according to these settings or other computer properties, allowing you to target specialized remediation to distinct domains. Settings are

used to define Relays, bandwidth, idle time, buffers and much more.

The Computers tab in the main interface lets you quickly stay on top of your network, with the ability to filter

and sort large numbers of computers by dozens of properties.

The Visualization Tool allow you to quickly monitor large, globally distributed networks, so you can follow remediation deployments and compliance, corporate-wide. Web Reports allow operators with access to a

browser to view audit trails and generate listings and graphical reports with just a few mouse-clicks.

Monitoring Computer Status

Although BES is primarily a preventive maintenance tool, it can also be used to analyze the computers in your

network. Using the BigFix Relevance Language, you can query any BES Client and get a real-time response. This can be invaluable for analyzing trends and potential problem areas on your network. To view the

computers on your network, sorted and filtered by various properties, follow these steps:

1. Select the Computers tab in the top panel. You'll see a filter/list of your networked BES Client

computers, ready to be sorted and filtered by various computer properties. 2. Click on By Retrieved Properties (in the left panel under All Computers) and open up folders to filter

the list. Click on the desired column headers (in the right panel) to sort the list. Click again to reverse

the sort order.

The folder names and column headers represent important, continuously updated properties of your networked

computers, called retrieved properties. To view the Relevance Expressions that define the column headers:

1. Select Manage Properties from the Tools menu. A dialog pops up, initially listing the default properties that come predefined in BES, such as OS, CPU, Computer Name and so on.

2. Click on a retrieved property. In the text box underneath, you can view the Relevance Expressions that

are used to define this column. For example, the column heading CPU is generated by the following (truncated) Relevance Expression:

(significant digits 2 of (speed of main processor / mhz)) as string & "Mhz" & family name of

main processor...

That is, CPU is a concatenation of relevance expressions and strings that will produce an output like:



2800 Mhz Pentium 4 3. Each property has an evaluation period. The shorter the period, the more often the client will evaluate

it. That makes the Console more up-to-date, but it may impact client performance. Make sure long

periods are allocated to time-consuming or slowly changing Relevance evaluations.

4. You may change the predefined properties here, but it is recommended that you add new column

headings, instead. Refer to the appropriate Inspector Guide for more details.

If you change any of the factory-installed properties, you can restore them by re-entering the original relevance

expression. See Restoring Retrieved Properties.

You can quickly select which properties to display by right-clicking on the column headers. A pop-up menu is

displayed that allows you to simply check or uncheck the properties you want to display. Notice that when you

delete a property from the headers, it also disappears from the filter panel to the left of the list.

Commenting on Computers

You can attach a comment to a BES Client Computer that other operators can read.

1. Select the Computers tab and choose one of the categories in the left panel to narrow down your list.

2. Select a computer from the list on the right by double-clicking it.

3. From the document panel below, select the Summary tab.

4. Scroll to the bottom of the page, type your comment into the text box and click the Add Comment

Button.

Your comment will be name- and time-stamped for other operators to view it. As well as Computers, you can

attach comments to Fixlets, Tasks, Actions and Analyses.

Creating Retrieved Properties

You can collect information from BES Clients by defining various retrieved properties. An impressive range of computer attributes can be monitored as retrieved properties. There are several reasons why you might want

to create some custom retrieved properties of your own:

Once you create a retrieved property it can be used as a filter in all subsequent computer listings,

allowing you to tame datasets that are too large to visualize by filtering them into smaller viewable

chunks. Your newly-created properties will be added to the column headers of computer listings, allowing you

to sort on their values.

Retrieved properties can be used to fine-tune the targeting of Fixlet actions.

Retrieved properties can also be used and charted in BES Web Reports.

BES ships with a predefined set of retrieved properties which are sufficient to group computers by many

frequently requested criteria. There are times, however, when you may want even more control over how your

BES Clients are grouped and sorted.

To create a custom retrieved property, follow these steps:



1. Choose Tools > Manage Properties. The Manage Properties dialog is displayed.

2. If you can't find what you want in this list, create a new property: click Add New, type in the name of

your new retrieved property and create a Relevance Expression to evaluate. This can access hardware characteristics, registry entries and even data in specific files on the client computers. After you define

the new property, the BES Clients will automatically compute the value of the corresponding relevance

expression and return it to the BES Database.

3. Click the OK button.

NOTE: Some of these properties are aimed at specific operating systems and will return a blank string for other operating systems. If more than one result is retrieved for a property, the entire list is retrieved.

Grouping Computers

BES Console allows you to group your computers so that you can target them appropriately. You might want to

group your development computers, for instance, to make sure you don't interfere with certain legacy software

projects. There are several ways to group computers, but the two most common techniques are manual and automatic grouping. Manual groups are static, but automatic groups can change dynamically, depending on the

current values of the inclusion properties.

To group computers manually, follow these steps:

1. Click the Computers tab.

2. Select a computer (or shift- and ctrl-click to select a group of computers) from the list. 3. Right-click on this group and select Add to Manual Group from the pop-up menu.

4. If groups already exist, they will be listed in the top list box. You can elect to add your selected

computers to an existing group by clicking on the top button.

5. Alternatively, you can click the lower button to Add the selected computers to a new manual group. 6. After selecting an existing group or entering the name of a new group, click OK.

7. Enter your private key password to propagate the group names to the relevant computers.

To group computers automatically, follow these steps:

1. Click the Computer Groups tab.

2. Right click in the list area and select Create New Automatic Group, or choose the corresponding item from the Tools menu.

3. Assign a name to this new automatic group, and select the site you want as a host.

4. Using the pull-down menus in this dialog, select the property, relation and value that will define

membership in the group. For instance, you could select OS contains Win to create an automatic grouping of all the Windows computers on your network. You can also create Relevance expressions in

this dialog (at the top of the property list).

5. Click the + button to add new properties that you can AND (include all properties) or OR (include any properties) together to identify group membership.

6. Click OK to complete the group definition.

7. Enter your private key password to propagate the group names to the relevant computers. Computers

that fit your criteria will now be automatically added to this group.



Now, when you view your networked computers using the Computers tab, you can separate them by groups.

From the filter panel on the left, open the All Computers icon and select the folder named By Group. Then

you can select the group or groups you want to list. Alternatively, you can click the Computer Groups tab and select groups from that list. Use the filter panel on the left to winnow down the list. For instance, click on All

Computer Groups, then select By Type to choose either your automatic or manual groups.

Whenever a list of computers is presented, you will find the By Group folder. For instance, when you click on

an Action button in a Fixlet or Task, you will see the Relevant Computers icon, listing just those computers

that are affected by the selected Fixlet. Open the By Group folder to narrow the list of computers down to just

the selected group(s).

NOTE: A computer can belong to more than one group.

Locking Computers

You can change the locked status of any BES Client in the network. This lets you exclude specific computers

or groups of computers from the effects of Fixlet actions. This could be useful, for instance, if you want to insulate certain development computers from any changes or updates. It also provides a powerful technique for

testing new Fixlet actions on a limited set of unlocked computers, while keeping the rest of the network locked

down. Client computers can be locked forever (until explicitly unlocked) or for a defined period of time.

Changes are made to the locked status of a BES Client by sending an action. As a consequence, the BES

Console operator must supply proper authentication in order to lock or unlock any computer. Even though a BES Client is locked, there is still a subset of actions that can be accepted by the client. These include clock

changes and unlock actions as well as actions from the BES Support site.

In order to lock or unlock a computer, follow these steps:

1. Click on the Computers tab to bring up the list of networked BES Client computers.

2. Select the computer(s) that you wish to lock. 3. Right-click and select Edit Computer Settings from the pop-up menu. (Or select Edit Computer

Settings from the Edit menu).

4. The Edit Settings dialog pops up. Click the checkbox to either lock or unlock the computer.

Although the Console doesn't provide an explicit interface for setting an expiration date on the lock, you can

create a custom Action to do so. For more information, see the BigFix Action Guide.



Removing Computers

This feature allows you to remove computers which you believe are no longer reporting to BES, such as

decommissioned computers. When you remove a computer from the database, you do not need to uninstall or unsubscribe the client. Should the client get reactivated and report back to the Console, the computer will

reappear in the database with its old information intact. Until then, the client will simply not be listed in the

BES Console.

To remove a computer from the BES database, follow this procedure:

1. Click the Computers tab and select the computer you wish to remove.

2. Right-click on the computer and select Remove from Database from the pop-up menu (or select

Remove Computer from Database from the Edit menu).

This computer will no longer be visible in the BES Console unless reactivated by the BES Client itself.

Restoring Retrieved Properties

There are two categories of Retrieved properties: predefined and reserved. It is easy to customize the predefined

properties that are used as column headers, but the reserved properties are protected. When you view them by selecting Tools > Manage Properties, the reserved properties are on a gray background and can't be edited.

However, those properties that show up on a white background can be edited at will.

If you make a mistake and wish to restore the predefined properties, or if you just want to see examples of more

pre-defined properties, see the BigFix web site at http://support.bigfix.com, click on Knowledge Base, select

BigFix Enterprise Suite and then search for retrieved properties.

Creating Client Dashboards

You can create custom Client Dashboards, similar to those in the BES Console. Dashboards are HTML files

with embedded Relevance clauses that can analyze the local computer and print out the current results. BES

Clients with a dashboard have an extra tab to display the resulting report.

To create a Client Dashboard, you must create a new folder named __UISupport (note the leading underlines) in

the __BESData folder. This is a subfolder of the BES Client folder, so the final pathname looks like:

Program Files/BigFix Enterprise/BES Client/__BESData/__UISupport

Place the Dashboard file (named _dashboard.html) and any accompanying graphics files into this folder. The next time the Client starts up, it will incorporate these files into its interface, adding a tab labeled Dashboard.

When the user clicks on this tab, the Dashboard will calculate the latest values of each Relevance clause and

display them.



The Relevance statements are embedded in the HTML inside special tags with the form:

<?relevance statement ?>

For instance, to find and print the time, use the following:

<?relevance now ?>

When the BES Client displays the page containing this statement, the BES Client evaluates the Relevance clause “now” and substitutes the value for the tag. The following sample HTML prints out the word “Date:” and

then the current date and time:

<html>

<body>

Date: <?relevance now ?>

</body>

</html>

To allow the user to refresh the Relevance evaluation, add this line to the file:

<html>

<body>


<A

href="cid:load?page=_dashboard.html">Refresh</A>

</body>

</html>

This link, labeled Refresh, causes the page to reload. When it does, it reevaluates the relevance clauses. It is easy to see how you would add other Relevance expressions to this page. For instance, to print out the OS and

the computer name, add these two lines:

<html>

<body>


Operating System: <?relevance name of operating

system ?>

Computer Name: <?relevance computer name ?>

<A href="cid:load?page=_dashboard.html"> Refresh

</A>

</body>

</html>



You can use style sheets to format the output. You can even use the default style-sheet, offer.css for some preset formatting. Here is an example of a Dashboard with a title, a header, a refresh link and a section of

retrieved property values:

<html>

<head>

<link type="text/css" rel="stylesheet" ref="offer.css"></link>

<title>BigFix Dashboard Example</title>

</head>

<body>

<div class="header">

<div class="headerTitle">

<font size="6"><?relevance computer name ?></font></div>

<div class="headerCategory">

<font size="1">(Last updated: <?relevance now ?>)</font><BR>

<div>

<font size="1"><a

href="cid:load?page=_dashboard.html">Refresh</a></font>

</div>

</div>

</div>

<div class="section">

<div class="sectionHeader">Computer Information</div>

<div class="subsection">

<table>

<tr><td valign="top"> OS: </td>

<td><?relevance operating system ?></td></tr>

<tr><td valign="top"> RAM: </td>

<td><?relevance (size of ram)/1048576 ?> MB</td></tr>

<tr><td valign="top"> DNS Name: </td>

<td><?relevance dns name ?></td></tr>

</table>

</div>

</div>

</body>

</html>



This dashboard file produces an output like the following:

To learn more about Relevance expressions, see the BigFix Relevance Language Reference.

BES Console Guide Page 41 COMPUTER GROUPS


Computer Groups

Introducing Computer Groups

Grouping your BES Client computers can simplify the maintenance of large networks. There are many ways to

group computers, from simple manual selection to more flexible automatic grouping.

A simple grouping technique is to manually select members of a group from the listing in the Computers tab.

For a quick look at a manual selection, click View as Group from the right-click context menu. This will bring

up an Ad-Hoc Computer Group document where you can quickly analyze various properties of the group. Ad-

hoc groups are temporary, but you can create persistent groups by choosing Add to Manual Group from the same context menu. These techniques are simple, but in a network with thousands of computers, they can be

tedious.

A more powerful technique is to define criteria for Automatic Grouping. From the Tools menu, select Create

New Automatic Group. Here you can define membership in a group based on the values of specific computer properties. You could, for instance, group computers by IP address ranges, operating systems, applications and

thousands of other criteria using Relevance expressions. Groups created this way have the benefit of automatic

enrollment and expulsion, so that a computer that is repurposed to a different task or department can

automatically switch groups without operator intervention.

Commenting on Computer Groups

You can attach a comment to a Computer Group that other operators can read.

1. Select the Computer Groups tab and choose one of the categories in the left panel to narrow down

your list.

2. Select a computer from the list on the right by double-clicking it. 3. From the document panel below, select the Description tab.

4. Scroll to the bottom of the page, type your comment into the text box and click the Add Comment

Button.

Your comment will be name- and time-stamped for other operators to view it. As well as Computer Groups,

you can attach comments to Fixlets, Tasks, Actions and Analyses.

BES Console Guide Page 42 COMPUTER GROUPS


Creating Manual Computer Groups

To Manually create a computer group, follow this procedure:

1. Click the Computers tab and shift- and ctrl-click to select the computers you want in your group.

2. Right-click on the computers you've chosen and select Add to Manual Group from the pop-up menu. 3. From the Select Manual Computer Group dialog, you can choose to add your selected computers to

an existing group or create a new group for them. Select an existing group or name a new one and click

OK.

4. Enter your password to propagate the new manual group.

This computer group is added to the Computer Group tab and will help you break your networked computers

down into more reasonably sized chunks.

Creating Automatic Computer Groups

To create a group that will automatically enlist computers, follow this procedure:

1. Click Tools > Create New Automatic Group.

2. From the Create New Automatic Computer Group dialog, enter the name of your group and select the site you want it to reside in.

3. Enter a property, a relation and a value into the three boxes at the bottom of the dialog. For instance to

create a group that will automatically enlist Windows computers, select OS contains Win. To add more

properties, click the plus (+) button to the right of the property field. All the specified properties will be ANDed to determine eligibility in this group.

4. When you're done, click OK and enter your password to propagate the group settings.

You now have a new Automatic Computer Group that will be listed in the Computer Groups tab and can be

used to subdivide your network into more workable chunks. Unlike Manual Groups which are statically

defined, Automatic Groups will change their population depending on the evaluation of the group properties.

Removing Computer Groups

To remove a computer from BES administration, follow this procedure:

1. Click the Computer Groups tab and select the computer group you wish to remove.

2. Right-click on the computer and select Remove Group from the pop-up menu (or select Remove

Computer Group from the Edit menu).

This computer group will be deleted from the list.

BES Console Guide Page 43 ANALYSES


Analyses

Introducing Analyses

Analyses allow the BES operator to view and summarize various properties of BES Client computers across a network. There are several pre-made Analyses supplied by BigFix that examine various aspects of your

networked computers, including their hardware, applications and Server/Relay/Client relationships.

Studying these pre-made Analyses can be instructive when you want to make your own or customize existing

ones. Custom Analyses can help you monitor aspects of your network that are interesting or vital to your

company's operation.

The Retrieved Properties that underlie each Analysis are created with Relevance expressions. For instance, to make sure you have fully deployed the most recent BES Client software, you might use an expression such as

version of client. This simple expression will be evaluated on every computer where the analysis is targeted,

allowing you to see explicitly which version of the BES Client is running on each computer, or to view a

summary of how many machines are running each version.

Analyses are targeted with another Relevance statement -- which may be as simple as TRUE -- to include all

connected Clients. Generally, you'll want to narrow the scope with a Relevance statement such as name of

operating system as lowercase starts with "win", which would limit the Analysis to Windows computers

only.

Viewing Analyses

To display an Analysis,

Double-click an entry in any Analysis list

The body of the Analysis will show up in the lower display region (click the Description tab if not already

selected). Each Analysis, when selected, gets a window of its own. These windows can be managed by selecting

items from the Window menu.

The Analysis display region has several tabs:

Description: This is an HTML page providing a description of the analysis.

Details: This screen provides a property-by-property listing of the chosen analysis, as well as the Relevance statement that is being used to target the chosen computers. At the bottom is a text box for

entering a comment that will become attached to this analysis.

Results: This dialog lists the actual results of the analysis, which can be filtered and sorted by the pre-assigned properties (this tab is only available if the Analysis is activated).

Applicable Computers: This is a filter/list of all the computers where the selected analysis is

applicable. You can filter the list by selecting items from the folders on the left, and sort the list by

clicking on the column headers.



Monitoring Analyses

When an analysis is activated, BES will add it to the list displayed under the Analyses tab in the BES Console

main window. The Analysis filter/list contains entries that can be sorted by the following column headers:

Name: The name assigned to the Analysis by the author.

Status: The activation state of the Analysis. Site: The name of the site that is generating the relevant Analysis.

Applicable Computer Count: The number of BES Clients in the network currently being analyzed.

Activated By: The name of the Console operator who has activated this analysis.

Time Activated: The date and time the analysis was activated.

As with all the filter/lists in the BES Console, you can filter this list using the panel of categories on the left. Each category contains data groupings that you can use to narrow down the list of analyses on the right. Then,

in the listing area itself, you can sort the analyses by clicking a column heading.

For example, you might filter the list by opening the Activated By folder (in the desired category, typically All

Analyses) and selecting a specific BES Operator to see the subset of analyses that have been activated by that

operator.

Commenting on Analyses

You can attach a comment to an Analysis that other operators can read.

1. Select the Analyses tab and choose one of the categories in the left panel to narrow down your list.

2. Select an Analysis from the list on the right by double-clicking it.

3. In the document panel below, select the Details tab. Scroll to the bottom of this dialog to the comments text box.

4. Type your comment into the text box and click the Add Comment button.

Your comment will be name- and time-stamped for other operators to view it. As well as Analyses, you can

attach comments to Fixlets, Tasks, Actions and Computers.



Creating Analyses

Analyses allow you to create and track specified properties of your managed BES clients. These properties can

be extracted from any subset of your network, which simplifies the process of managing inventory, licensing,

security and policies. Using Web Reports, you can view a history of each analysis.

Analyses are also the only way for Non Master Operators to create retrieved properties, since they don't have

access to the Manage Properties Dialog.

To create your own custom Analysis follow these steps:

1. Select Tools > Create New Analysis...

2. This brings up the Create Analysis dialog with a text box for entering the name of your new Analysis.

You can use the name for sorting and filtering, so it's worth creating a consistent naming convention to make your Analyses more accessible. Enter the name and then select the host site for the Analysis from

the drop-down menu at the right. The dialog contains three tabs. Click through each to define your

Analysis: Description: In this dialog, you can enter the text that will describe your Analysis. You can

choose from the text editing tools at the top of the text box to create your custom content.

Properties: Add the retrieved properties that form the core of your Analysis by clicking the

Add Property button, then providing a name and a Relevance expression that will be evaluated to create the returned property value.

Relevance: Enter another Relevance expression that will determine which computers will be

selected for this Analysis. 3. Check the box at the bottom of the dialog if you want to automatically activate the Analysis. When

you're satisfied with your Analysis definitions, click OK.

4. Your Analysis needs to be propagated, so you will be prompted for your private key password. Once you enter it and click OK, your Analysis will be sent to all the BES Clients, which will evaluate it for

relevance and report back their status. You will now be able to monitor specific properties of your

networked BES Clients from the Console.

Editing Analyses

To edit an Analysis, follow these steps:

1. Click on the Analyses tab in the BES Console, and in the resultant list, select the Analysis you want to edit. Note that not all Analyses are editable.

2. Select Edit > Edit Custom Analysis (or right-click on the Analysis and select Edit Custom Analysis

from the pop-up menu). 3. This brings up the Edit Analysis dialog. Enter the Name of the Analysis and then select the hosting site

from the pull-down menu. Below this, there are three tabs. Click through each to customize your

Analysis:

Description: Enter the description of the Analysis, explaining the properties that are being analyzed.

Properties: This is the crux of the Analysis. Click Add Property and the rest of this dialog

becomes editable. Enter the Name and Relevance to define a property. The Relevance clause will be evaluated to provide the retrieved property value. You can add more properties, or click

the Remove Property button to delete the highlighted one.



Relevance: Here is where you define a Relevance statement to target specific computers for

your Analysis.

4. When you're satisfied with your edits, click OK. 5. Your Analysis needs to be propagated, so you will be prompted for your private key password. Once

you enter it and click OK, your edited Analysis will be sent to all the BES Clients.

Hiding Analyses

You can hide an Analysis with the following procedure:

1. From any Analysis list, select the Analysis you want to hide.

2. Right-click on the Analysis and select either Globally Hide Analysis or Locally Hide Analysis from

the pop-up menu (or select these same choices from the Edit menu).

The selected Analysis will no longer be displayed in the Analysis list. If you elected to hide the Analysis

locally, it will still be visible to other Console users. If you are a master operator, you can hide an Analysis

globally, so it will also be hidden to all non-master users.


1. Click on the Analyses tab, then select Locally or Globally Hidden Analyses from the left filter panel.

2. Right-click on the Analysis you wish to restore and select the appropriate action from the pop-up menu.

You can unhide or change the hiding scope between global and local.

Reporting on Analyses

An Analysis report can be used to audit inventory, licensing, security, corporate policies and more. Web

Reports can create an Analysis Report with just a few mouse-clicks. Here's how:

1. Select Launch Web Reports from the Tools menu or Launch Web Reports from the Navigation bar. 2. Click on the desired Report server and click the Launch Web Report button.

3. Log in with your user name and password.

4. Click on the Create item at the top of the screen. 5. From the list of radio buttons, select All Analyses and click the Next button.

6. Your report is generated. You can now filter, print, store, email or export it (in comma-separated

value format).

BES Console Guide Page 47 OPERATORS


Operators

Introducing Operators

When you install BES, you will also set up specific personnel to act as Operators. There are three classes of

operator: Administrators, Master Operators and Operators.

The BES Site Administrator is responsible for installing and maintaining the BES components, as well as

managing the certificates and keys. Only the Administrator can create new users.

The BES Console Master Operators can assign management rights to other operators.

The BES Console Operators are the day-to-day managers of their own domains, but they can't assign

management rights.

Often these administrative roles will overlap and one person may be assigned multiple duties.

Monitoring Operators

If you are a Master Operator (you must have a properly authorized user name created with the BES

Administration Tool), you can monitor what other operators are doing.

Each operator is represented by a Name, Master Operator status and Last Login Time. Click the Console

Operators tab to view the collection of authorized BES Console operators.

Double-click on any desired operator to open the Console Operator document window. There are two tabs:

Administered Computers: This tab presents a list of computers that are currently assigned to the

selected BES Console operator.

Issued Actions: This tab presents a list of actions that have been issued by the selected BES Console

operator.

Assigning Management Rights

In a typical BES deployment, there may be thousands of computers sharing a centralized Fixlet database. If they

are all administered by a single BES Console, there may be an overwhelming amount of information to view and the response rate may suffer. In addition, most companies wish to limit the actions of various managers to

specific domains or departments. Each department head can be assigned management rights to his or her own

departmental computers. For even larger networks, these departments can be broken down again. Because

different managers can be assigned to overlapping groups of computers, any kind of configuration is possible.

Managers only receive information from their assigned computers, dramatically improving responsiveness.

BES Console Guide Page 48 OPERATORS


Here's how to grant or revoke management rights:

1. Log in to the BES Console as a Master Operator (you must have a properly-authorized user name

created with the BES Administration Tool). If you don't have the proper authorization, you will not be

allowed to edit management rights. 2. Click on the Console Operators tab to bring up a filter/list of all authorized BES Operators. (If you

don't have the proper authorization, this tab will not be available).

3. Right-click on an operator and select Assign User Management Rights from the pop-up menu. (Or

select Assign User Management Rights from the Edit menu). 4. From the dialog, you can grant specific management rights to the selected operator. Click the Add

button, which will bring up a computer filter.

5. Using retrieved properties as a filter, select the desired subset of computers you wish to have administered by this Console operator, and click OK.

6. You can also revoke management rights using this dialog box. Simply click on the Delete button which

will bring up another computer filter. Select the computers you want to remove from this operator's

administration and click OK.

7. Click the OK button to finalize the setting.

Management rights are distributed as Actions, so you will see a brief Action Progress dialog as the new rights

are deployed.

BES Console Guide Page 49 FIXLET SITES


Fixlet Sites

Introducing Fixlet Sites

Fixlet sites are collections of Fixlet messages that are created internally by you, by BigFix, Inc., or by other third parties. You subscribe to a Fixlet site and agree on a schedule for downloading the latest batch of Fixlet

messages.

You can view and manage your collection of Fixlet sites by selecting Manage Sites from the Tools menu. You

can add a new Fixlet site subscription by acquiring a Masthead file from a vendor or from BigFix. Sites are

generally devoted to a single topic, such as security or the maintenance of a particular piece of software or

hardware.

You can set up your own custom Fixlet site and populate it with Fixlets that you have developed specifically for

your own network. You and other operators can then send and receive the latest in-house patches and quickly

deploy them to the appropriate locations and departments.

Selecting Sites

Upon installation, BES is automatically set up to subscribe to the BES Support Site. Depending on the terms of your license, you may have subscriptions to other sites as well. This means that content from those Sites will

automatically flow into your enterprise and will be evaluated for relevance on all computers running the BES

Client.

To subscribe to a site, follow these steps:

1. First, find an appropriate Fixlet site. Finding a Fixlet site is equivalent to finding a Fixlet site masthead file, which has an extension of .efxm or .afxm. There are several ways to do this:

BigFix Sites: BigFix may post links list to new Fixlet sites as they become available.

Fixlet Subscriptions: Sometimes a Fixlet message might offer a subscription. Just click the Fixlet action to initiate the subscription.

Download Mastheads: You can also subscribe to a Fixlet site by downloading a masthead file

from a vendor's web site. Once the masthead is saved to your computer, you can activate it in

one of two ways. Double-click the masthead.

Select Manage Sites from the Tools menu and click Add External Site. This brings

up a standard Open File dialog. Navigate to the saved masthead and select it. 2. Select the desired masthead and click OK.

3. You will be prompted for your private key password. Type it in and click OK.

The masthead is propagated to all BES Clients, which will immediately begin to evaluate the Fixlet messages

from the new site.



Viewing Site Properties

After initiating a subscription, you may want to inspect its properties and signing authorities. This can be useful

when tracking down the origin of a particular Fixlet message or action. Here's how:

1. Choose Tools > Manage Sites. A dialog box pops up.

2. Select the desired site from the list.

3. Click the Properties button.

The Site Properties dialog box will appear, detailing information about the site publisher and the precise URLs from which the content has been gathered. Among other things, this dialog box may contain e-mail addresses

for user feedback, websites and the recommended gather frequency.

Depending on its type, a site may have other properties as well. A custom site will let you assign permissions

for owning, writing and reading a Fixlet site. External sites (except BES Support) can have restrictions placed

on both computers and operators, letting a Master Operator fine-tune the domain of a Fixlet site.

Canceling a Subscription

You can afford to be adventurous in trying out Fixlet Site subscriptions for your organization, since no actions

are ever taken without your approval. Nevertheless, if you find that a subscription isn't useful, you can cancel it

by removing the Site from the list of subscriptions, as follows:

1. Choose Manage Sites from the Tools menu and, in the Manage Sites dialog box, you'll see a list of current subscriptions.

2. Click the name of the Fixlet site you want to remove.

3. Click the Remove Site button.

NOTE: You can't unsubscribe from the BES Support site — it's needed to upgrade and manage licensing issues in the BES Console program.



Creating Custom Sites

You can create a Custom Site to host your own Fixlet messages that are pertinent to your network. Here's how:

1. Select Tools > Manage Sites.

2. From the Manage Sites dialog, click the Create Custom Site button.

3. Provide a name for your custom site. In the checkbox, indicate whether or not you wish to automatically subscribe all computers to this site and click OK.

4. In the Site Properties dialog, enter a description of your site.

5. From the Site Owners tab, add any Console Operators who have Custom Site permissions to the list of

people who can manage the site. 6. From the Site Writers tab, add those operators that you wish to author Fixlet messages for the site.

7. From the Site Readers tab, add those operators that will be allowed to view the site contents and sign

up Clients.

8. Click OK. You must enter your password to propagate your new custom site.

Restricting Computers

There may be occasions where a BES Client or a group of Clients is storing redundant Fixlet messages,

typically due to an overlap in site content. In addition, some BES Clients may collect superfluous Fixlet

messages, as when a Linux machine retrieves Windows Fixlets. This poses no problem to the operation of BigFix, which knows to ignore irrelevant or redundant Fixlet messages, but it may consume precious Client

disk space.The Site Subscription dialog lets you narrow down the number of clients subscribed to the selected

external Fixlet site. Here's how:

1. Select Manage Sites from the Tools menu. 2. From the dialog, select the external Fixlet site you wish to constrain. The BES Support site can't be

restricted, and custom sites have their own interface, so you will be selecting one of your other external

sites. Click the Properties button. 3. Select the Subscription tab. Use the three radio buttons to choose your desired computer grouping. The

default is to subscribe all clients. The third button lets you describe a group using the Automatic

Computer Grouping interface, where you select groups by property values.

4. When you're satisfied with your computer selection, click OK.



Restricting Readers

Restrictions can be placed on Fixlet sites to limit access. As well as operator permissions on Custom Fixlet

sites, you can restrict both the operators and computers of most external Fixlet sites.

Not all operators need to know about all sites, and some sites may be most easily managed by a single operator, such as an appointed Anti-Virus Czar or the Finance IT Manager. If you have Master Operator privileges, you

can limit how many Non-Master Operators are able to view any specified Fixlet site. Here's how:

1. Select Manage Sites from the Tools menu.

2. From the dialog, select the Fixlet site you wish to constrain. The BES Support site can't be restricted,

and custom sites have their own interface, so you will be selecting one of your other external sites. Click the Properties button.

3. Select the Site Readers tab. The default is to allow both classes of operator, Master and Non-master, to

gain access to the selected site. You can't delete Master Operators, but you can Remove All Non-Master Operators and then add back any group of operators you desire. Click the Add operator button

and use Ctrl and Shift-click to select eligible operators from the list.

4. When you're satisfied with your selection, click OK.

BES Console Guide Page 53 DISPLAYS AND REPORTS


Displays and Reports

Introducing Web Reports

The BES Web Reports program can monitor, print or archive the status of the local database. It also has the ability to read the databases of other BES Servers and aggregate the data. That offers you a top-level view of a

large or far-flung enterprise with multiple database servers. Aggregation servers allow you to view information

from multiple networks with hundreds of thousands of computers.

Here's a sample graphical output of a location report, using computer settings to help you manage a multi-city

network:



This is a snippet of a more traditional report, summarizing the computers on your network by operating system:

BES Web Reports can be viewed at any time from the desktop by selecting Start > Programs > BigFix

Enterprise > BES Web Reports or from the BES Console under Tools > Launch Web Reports or from the

Navigation Panel under Reports > Launch Web Reports.

Any BES Web Report server can be set up to aggregate data from the other BES Servers. Talk to your BES Site Administrator about setting up an aggregation server. Refer them to the BES Administrator's Guide for

further information.

Web Reports Overview

You can view the data in the BES database from several different points of view and save or print the output.

You may also export the output to Excel for further manipulation. These features are provided by the BES Web Reports program, which can be run at any time from the desktop by selecting Tools > Launch Web Reports or

Reports > Launch Web Reports from the Navigation Bar. You can also access this Web-based interface from

the desktop: Start > Programs > BigFix Enterprise > BES Web Reports.

The Web Reports program will enable you to get an overview of your relevant Fixlet messages and your remediation efforts. You will find charts summarizing the number of administered computers in your network

and your vulnerability status. In addition, you'll find overall statistics and a list of the most common issues

detected. You can click on these commonly relevant Fixlet messages to see them in greater detail.



At the top of the screen are several items offering different services:

Overview: The default screen you see when you start up the BES Web Reports program, containing

common issues, historical data and various statistics.

Reports: Allows you to select from a list of previously-defined reports or to create new ones. Some commonly-requested reports are built-in, such as Operating System Distribution and Vulnerability

Trends. Select them from the list. You can create your own custom reports and save them as either

public or private (viewable only by you). Your public reports will be added to the reports list; your

private reports will only be available when you log in with a correct password. Create: This section allows you to create custom reports based on Fixlet messages, retrieved properties

of computers actions and more. You can look at all connected databases, or select specific ones. You

can also create custom filters and save them for other reports. Some of report types include: Computer, listing computer properties (sortable by up to three properties) and all networked

computers.

Retrieved Property, listing single retrieved property status.

Analysis, listing all analyses. Fixlet, individually or listed by relevance, assessment, compliance or progress.

Task, listing all tasks.

Baseline, showing all Baseline groupings. Action, summarized.

History, by relevant or average count.

Unmanaged Assets, listing all unmanaged assets. Operators, listing all operators.

Hidden, listing hidden Fixlets, Tasks, etc.

Advanced, letting you create a custom report.

Schedule: to automatically generate reports on a specified timetable. Email: to establish your email SMTP server and domain.

Users: to list and add users to those who have permission to log into Web Reports.

Database: to view and validate BES databases.

There are several options listed in the left panel:

Current Report. o Filter Report Pulldown. Allows you to filter your reports by one of your custom filters. Use

this pull-down to create and manage filters as well.

o Configure Report. Allows you to sort and summarize the data.

o Store Report. Saves your report to a public or private space. o Export to CSV. Creates a comma-separated value (CSV) list which can be read into a

spreadsheet.

o Printable Version. Reformats the report for printing. o Email Report. Allows you to email the report. You must set up your email connection (from

the Email tab) before this option will appear.

Favorites. Lists your current favorite reports Simply click on one to run the report. Recent History. Contains a list of the previous Web Reports activity. Click on one to return to that

task.



Viewing Web Reports

BES Web Reports can be viewed at any time by selecting Start > Programs > BigFix Enterprise > BES Web

Reports from the desktop. It starts up with a graphical report on the total issues affecting your network. You

can see at a glance how your remediation and policy enforcements are proceeding:

You can also initiate Web Reports from the BES Console:

1. Choose Tools > Launch Web Reports or select Reports > Launch Web Reports from the Navigation

Bar. 2. Select a Web Reports Server URL from the list and click Launch Web Reports

3. Enter your Username and Password and click Login.

4. From the options at the top of the screen, choose from the Overview, Reports, Create, Schedule,

Email, Users or Database tabs.

5. On the left panel of the Web Reports screen, you'll find links to Filter, Configure, Store, Export,

Print or Email the results. You can also assign and recall your Favorite reports, as well as keep track

of your Recent History.



Creating Web Reports

Using the Web Reports program, you can create reports that can be printed out or exported to Microsoft Excel

for further manipulation. Creating a report is as simple as clicking a few buttons to customize the output, but don't let the simplicity fool you -- there are thousands of different reports that can be generated by this web-

based program.

To create a web report, follow these steps:

1. Choose Tools > Launch Web Reports or click Launch Web Reports from the launch panel on the

left.

2. If you have multiple Web Report servers, you'll need to select the appropriate server URL from the list and click Launch Web Reports.

3. Enter your Username and Password and click Login.

4. From the options listed at the top of the screen, choose Create to specify the desired data for a custom report.

5. Select a Report Type (see below) from the list of buttons on the left and click Next.

6. Select secondary information and filters to customize your report and click Next again to generate the

report. 7. Select from the Report Actions at the left of the screen to Filter, Configure, Store, Export, Print or

Email the results.

There are several types of report, divided into categories. Click one of the buttons on the left to specify the type

and subtype of the report you desire. For most of the selections, you may also be able to filter the data to shorten the reports. When you select one of the report buttons, a sample report will be displayed to the right. At

the bottom of this page is a Next button (you may need to scroll down) that will allow you to refine your report.

The available report types (grouped into categories) are:

Computer: Create reports on your networked BES Client computers.

Computer Properties. Click this button to create a report on computers with user-selected

Retrieved Properties. Click Next (at the bottom of the screen) to choose from a list of sorting and summation fields for the various properties. You can specify up to three levels of retrieved

properties to categorize your networked computers. For each computer in this listing you can

specify extra information, including relevant Fixlet messages. Click Next again to output the report.

All Computers. Click the Next button to bring up a sortable list of computers. You can select

subsets of the list by typing in the first few letters of the computer name. Retrieved Property: These are the properties of the BES Client computers, including reports on single

or multiple properties.

Single Retrieved Property status. When you click the Next button, you can specify the

property of interest, such as CPU, User Name or Operating System. Select a graph type and the number of properties to graph. You can also customize the colors used in the graph.

Click Customize colors and a drop down menu of colors will appear. Enter the RGB values

you want and click Next again to view the graph.



Analysis: Create an analysis report.

All Analyses. When you click the Next button, you're presented with a report on all your

current analyses, listing them by Name, Sitename and Database, as well as Activation information. You can select individual analyses by specifying the first few letters of the

analysis name.

Fixlet: Create several different Fixlet reports.

All Fixlets. When you click the Next button, you will receive a paged list of all the Fixlet messages in the indicated databases, whether they are relevant to any computers on your system

or not. You can sort this list by column and filter the list by typing in the first few letters of the

Fixlet name. Relevant Fixlets. When you click the Next button, you will receive a paged list of all the

relevant Fixlet messages in the indicated databases. You can sort this list by column and filter

the list by typing in the first few letters of the Fixlet name. Issue Assessment. When you click the Next button, you can select specific Fixlet sites and

Fixlet messages from the list for a report on relevant Fixlet messages.

Issue Compliance. When you click the Next button, you can select specific Fixlet sites and

Fixlet messages from the list for a report on compliance with the Fixlet actions issued. Fixlet Progress. When you click the Next button, you can select specific Fixlet sites and Fixlet

messages from the list for a progress report.

Task: Create task reports. All Tasks. Click the Next button to bring up a list of all tasks currently active on your network.

You can filter this list by the name of the task or sort the list by any header.

Baseline: Create Baseline reports.

All Baselines. Click the Next button to bring up a list of all Baselines (groupings of common Fixlet messages and tasks) currently set on your network. You can filter this list by the name of

the Baseline or sort the list by any header.

Action: Create action reports, on a user-by-user basis. Action Summary. Click the Next button, to bring up a list of users. Select the users you want

for this report and click Next again.

History: Create historical timeline reports on relevant Fixlet messages. Fixlet History. Click the Next button to choose a Fixlet (or group of Fixlets) to report on.

Relevant Issue History. Click the Next button to choose a range of dates to limit this historical

report. You will see a graphical display representing the number of Fixlet messages that have

become relevant on your network over time, along with a list of the same data. Average Relevant Issue History. Click the Next button to choose a range of dates to limit this

historical report. You will see a graphical display representing the average number of relevant

Fixlet messages per computer over time, along with a list of the same data. Unmanaged Assets: Create reports on those assets not under the direct management of BES.

All Unmanaged Assets. Click the Next button and choose the desired properties you wish to

report on. A report is generated displaying these assets, along with the name of the source (such as Nessus) for each listed asset.

Operators: Creates a quick report listing the current set of authorized BES Console operators.

All Operators. Click the Next button to generate the report, detailing the operators, their

privileges and how many computers are under their control. This report also lists how many actions have been deployed by each operator.



Hidden: Create action reports, on a user-by-user basis.

Hidden Items. When you click the Next button, you will create a report on all the hidden items

(Fixlet messages, Tasks, Baselines or Analyses) in your database. You can sort this list by column and filter the list by typing in the first few letters of the item's name.

Advanced: Cut and paste from other reports.

Blank Report. When you click the Next button, you can paste a copied report (including its

Relevance and HTML formatting) and tag it with a name, description, category and visibility.

This report "snapshot" will be saved under your name.

There are several options listed in the left panel, including:


this pull-down to create and manage filters as well. o Configure Report. Allows you to sort and summarize the data.

o Store Report. Saves your report to a public or private space.

o Export to CSV. Creates a comma-separated value (CSV) list which can be read into a

spreadsheet. o Printable Version. Reformats the report for printing.

o Email Report. Allows you to email the report. You must set up your email connection (from

the Email tab) before this option will appear. Favorites. Lists your current favorite reports Simply click on one to run the report.

Recent History. Contains a list of the previous Web Reports activity. Click on one to return to that

task.



Visualizing Data

The Visualization Tool allows you to view and manipulate data from your entire managed network. It lets you

visualize various hierarchical relationships in your network, using a 3D sphere to map the data.

The Visualization Tool makes it possible to view a real-time graphical network map showing Fixlet relevance,

Action status, and Retrieved Properties.

As an example, you could view all computers that are currently unpatched for MS04-011 across an enterprise

network, displayed as an Active Directory hierarchy. Then you could watch the clients change from red to green as they get patched in real-time across your network. As another example, you could view all BES Clients that

are currently using Microsoft Office, colored according to version.

Or you can create your own hierarchy. You could assign settings on all your machines named 'city', 'building'

and 'floor'. You could then create a dynamic setting called 'location' that concatenates these properties:

set setting location = (value of setting 'city' & ';' & value of setting 'building' & ';' & value of setting 'floor')

Specify a semi-colon as the delimiter of this setting to visualize your computers as a location-based hierarchy --

from each networked city down to the floor of every building.

To create your own custom view of the data, follow these steps:



1. Select Tools > Launch Visualization Tool...

2. There are three tabs in the Visualization Parameters dialog:

General: Specify the desired display hierarchy from among BES Relays, Active Directory, IP Address or Retrieved Property.

Colorization: Indicate how you want to color-code the client nodes. You can base your color

scheme on Fixlet Relevance, Baseline Relevance, Retrieved Properties, Action Status or a

custom Relevance clause. Computers: Limit the computers you want to display, using Active Directory and Retrieved

Properties as filters. To show all the computers under BES management, click Show all

computers. 3. Click OK to generate your customized visualization of your network.

4. A graph of your network, mapped onto a 3D sphere, is displayed. You can now use the Controls listed

in the upper right corner to change your view of the data. 5. Double-click on a computer node to bring it to the forefront. Drag the elements in the graph to tweak

the viewpoint.

6. You can continuously rotate the model by selecting View > Spin Mode.

7. Use the Navigation menu to move through the hierarchy, from each selected computer to its sibling,

parent or child.

Viewing Dashboards

Depending on the sites you are subscribed to, you may have a menu labeled Dashboards. This menu contains a

list of reports that update in real-time, like a dashboard gauge in your car. These reports tap into the BES

Database to provide you with timely and compact high-level views of your network.

Different sites make these Dashboards available. For instance the BES License and Inventory site contains the

Application Usage Dashboard, which shows you constantly updated statistics about various executables on

your client computers. Other Dashboards may report on the BES Deployment, or the status of your Patch

rollouts.

To run a Dashboard, simply select it from the Dashboards menu. It will show up in the Document area at the

bottom of the screen.

BES Console Guide Page 62 RELAYS AND SERVERS


Relays and Servers

Understanding BES Relays

BES Relays are optional network components that can significantly improve the performance of your BES installation. Downloads and patches, which are often large files, represent by far the greatest fraction of BES

bandwidth. BES Relays are designed to take over the bulk of the download burden from the BES Server. Rather

than downloading patches directly from a BES Server, BES Clients can instead be instructed to download from

designated BES Relays, significantly reducing both server load and client/server network traffic. Relays help in the upstream direction as well, compiling and compressing data received from the BES Clients before passing it

on the BES Server. Any Windows 2000, Vista or XP-based client can serve as a Relay.

A BES Relay simultaneously mitigates two bottlenecks:

Relieves the Load on BES Servers. The BES Server has many duties, among them the taxing job of

distributing patches and other files. A BES Relay can be set up to ease this burden, so that the BES Server does not need to distribute the same files to every BES Client. Instead, the file is sent once to the

BES Relay, which in turn distributes it to the other BES Clients. The overhead on the BES Server is

reduced, on average, by the ratio of relays to clients.

Reduces Congestion on Low-Bandwidth Connections. If you have a BES Server communicating with a dozen computers in a remote office over a slow VPN, designate one of those computers as a BES

Relay. Then, instead of sending patches over the VPN to every BES Client independently, the BES

Server only sends a single copy to the BES Relay. That BES Relay, in turn, distributes the file to the other computers in the remote office over its own fast LAN. This effectively removes the VPN

bottleneck for remote groups on your network.

NOTE: BES Relays also work well to reduce total network usage when used on subnets connected through switches on your LAN. Please ask your BigFix support technician for more details.

Assigning BES Relays is simple, and BES Clients can be made to automatically discover and link to them. Automatic discovery is recommended because it ensures optimal performance even while computers and relays

are being disconnected and reconnected across the network.



BES Relay requirements

A BES Relay takes over most of the download duties of the BES Server. If several BES Clients simultaneously

request files from a BES Relay, a significant amount of the computer's resources may be used to serve those files. Other than that, the duties of the BES Relay are not too demanding. The requirements for a BES Relay

computer vary widely depending on three main factors:

The number of connected BES Clients that will be downloading files.

The size of each download.

The period of time allotted for the downloads.

The BES Relay system requirements are similar to those for a workgroup file server. A computer with 1 GHZ CPU, 256 MB RAM, and 5 GB of free space on the hard drive should be able to act as a BES Relay for several

hundred to several thousand computers - provided that the BES Console operator distributes the file downloads

over an appropriate length of time. Here are some further requirements and recommendations:

The BES Relay can only be installed on computers running under Windows 2000, 2k3, NT 4, Vista or XP.

The BES Relay can be installed on an ordinary workstation, but if several BES Clients simultaneously

download files, it may slow the computer down.

Workgroup file servers and other server-quality computers that are always turned on are good

candidates for installing a BES Relay.

Using BES Relays

Once you've set up a BES Relay you need to direct BES Clients on your network to gather from that relay,

instead of from your BES Server. This is actually a perfect job for a computer, and BES can automatically assign your relays for you. This is not without risks (see the Administrator's Guide or visit

http://support.bigfix.com for more information), but it can be a good idea for two reasons:

BES Clients can determine which relays are the fewest number of hops away, so your topology is

optimized.

Your network configuration is constantly shifting as laptops dock and undock, as computers start up or shut down, or as new hardware is added or removed. BES Clients can dynamically assess your

configuration to maintain the most efficient connections as your network changes.

Automatic Relays

Here's how you can ensure that your BES Client computers are automatically signing up to the nearest relays:

1. Click on the Computers tab to bring up a filter/list of BES Client computers. 2. Select the set of computers that you want to automatically connect to the optimal BES Relay.

3. Right-click the highlighted computers and select Edit Computer Settings from the pop-up menu.

4. Check the box labeled BES Relay Selection Method. 5. Select the button labeled Automatically Locate Best BES Relay.




Manually Assigning Multiple Clients

You can select all the computers (or any given subset) of the local net to gather from a specified relay. The

procedure is different for setting a single computer or multiple computers. Here's how to set multiple computers

to point to a relay:

1. Click on the Computers tab to bring up a filter/list of BES Client computers. 2. Select the set of computers that you want to connect to the BES Relay. Use the filter panel on the left to

narrow down the computer list, if desired.

3. Right-click the highlighted computers and select Edit Computer Settings from the pop-up menu.

4. Check the box labeled Primary BES Relay. 5. Select the name of the desired BES Relay from the pull-down menu.


Manually Assigning Single Clients

Here's how to set a single computer to point to a relay:

1. Click on the Computers tab to bring up a filter/list of BES Client computers. 2. Right-click on the single computer that you want to connect to the BES Relay.

3. Select Edit Computer Settings from the pop-up menu.

4. Check the box labeled Assign BES Relays Manually.

5. From the Primary BES Relay pull-down menu, select the desired Relay.


Setting Up A BES Relay

To set up a BES Relay, you need to designate a Windows 2000, 2K3, Vista or XP client computer to take over

some server duties. Once a BES Relay has been set up, computers on the network can automatically find them

and connect to them (or, if you need, you can manually assign BES Clients to point at specified relays).

This significantly reduces the client/server communication necessary for patch application and management.

BES Clients will start to download from these designated relays, minimizing the load on thin connections to the

BES Server. The BES Clients will also upload their status information to the BES Relay, which compiles and

compresses it before passing it on up to the server.

BES Relays help enormously to spread out and optimize your network traffic, ensuring maximum responsiveness with minimum bandwidth. BES Relays are especially attractive with remote offices connected

by relatively slow VPNs. The BES Server sends a single download to the remote BES Relay, which can then

distribute it to the BES Clients over a faster local subnet.



To configure a client computer as a BES Relay, follow these steps:

1. Click on the Tasks tab in the main BES Window.

2. Double-click the task labeled Install BES Relay. A task window will open up below. Make sure the

Description tab is selected. There are three choices for where to place the BES Relay install folder: o Install to the default location. This is the recommend action. It will automatically find the

optimal location for the install folder.

o Install to a given path This option allows you to specify another path for the BES Relay install

folder. o Install on the drive with most free space. This action lets you automatically choose the most

capacious drive for the installation folder.

After the relays have been created, BES Clients can be made to automatically discover and connect up to them,

always seeking the Relay that is the fewest hops away.

If you need to manually configure your BES Clients, you must notify each computer that it should use a specific

relay to point to, as described in Using BES Relays.

Adjusting the BES Server and Relays

To get the best performance from BES, you may need to adjust the server and the relays. There are two

important ways of adjusting the flow of data through throughout your BES-enabled network -- throttling and

caching:

Throttling Outgoing Download Traffic: Throttling allows you to set the maximum data rate for the BES

Server. Here's how to change the data rate:

1. From the Navigation Bar on the left, select View BES Server/Relay Settings Tasks from the BES

Administration menu. Or click on the Tasks tab in the main BES Window.

2. Double-click on the task labeled BES Server Setting: Throttle Outgoing Download Traffic. A task window will open up below. Make sure the Description tab is selected. There are three choices:

o Set the limit on total outgoing download traffic. This choice allows you to directly set the

maximum number of kilobytes per second you wish to grant the server.

o Disable the setting. This option lets you open the download traffic on the BES Server to full throttle.

o Get more information. This option opens a browser window with more detailed information

on bandwidth throttling. 3. If you select a throttle limit, then from the subsequent Take Action dialog you can select the desired set

of computers to throttle. Click OK to propagate the task.

Download Cache Size: BES can set a cache so that common downloads stay resident and don't incur any extra

data movement.

1. From the Navigation Bar on the left, select View BES Server/Relay Settings Tasks from the BES

Administration menu. Or click on the Tasks tab in the main BES Window. 2. Double-click on the task labeled BES Relay / BES Server Setting: Download Cache Size. A task

window will open up below. Make sure the Description tab is selected. Select the link to change the



download cache size on the listed computers. This list may include BES Relays as well as the BES

Server.

3. Enter the number of megabytes to cache. The default is 1024 MB, or a gigabyte.

4. From the subsequent Take Action dialog, select the desired set of computers and click OK.

Dynamic Bandwidth Throttling

When a large download becomes available, each link in your BES deployment may have unique bandwidth

issues. There are server-to-client, server-to-relay and relay-to-client links to consider, and each may require

individual adjustment. As explained elsewhere, it is possible to simply set a maximum value (throttle) for the data rates, and for this there are broad-based policies you can follow. You might, for instance, throttle a BES

Client to 2Kb/s if it is more than three hops from a BES Relay. However, the optimal data rates can vary

significantly, depending on the current hierarchy and the network environment.

A better technique is to use dynamic bandwidth throttling, which monitors and analyzes overall network capacity. Whereas normal throttling simply specifies a maximum data rate, dynamic throttling adds a “busy

time” percentage. This is the fraction of the bandwidth that you want to allocate when the network is busy. For

instance, you could specify that BES downloads should not use any more than 10% of the available bandwidth

whenever BES detects existing network traffic. Dynamic throttling also provides for a minimum data rate, in

the case the busy percentage is too low to be practical.

When you enable dynamic throttling for any given link, BES monitors and analyzes the existing data

throughput to establish an appropriate data rate. If there is no competing traffic, the throughput is set to the

maximum rate. In the case of existing traffic, BES will throttle the data rate to the specified percentage or the minimum rate, whichever is higher. You must enable dynamic throttling on both the server and the client side in

order for it work properly.

You control dynamic bandwidth throttling with computer settings. There are four basic settings for each link:

DynamicThrottleEnabled: This setting defaults to zero (disabled). Any other value enables dynamic

throttling for the given link.

DynamicThrottleMax: This setting usually defaults to the maximum unsigned integer value, which indicates full throttle. Depending on the link, this value sets the maximum data rate in bits or kilobits

per second.

DynamicThrottleMin: This setting defaults to zero. Depending on the link, this value sets the minimum data rate in bits or kilobits per second. This value places a lower limit on the percentage rate given

below.

DynamicThrottlePercentage: This setting defaults to 100%, which has the same effect as normal (non-dynamic) throttling.. It represents the fraction of the maximum bandwidth you wish to use when the

network is busy. It typically has a value between five and ten percent, to prevent it from dominating

existing network traffic. (A zero for this setting is the same as 100%.)

As with any other setting, you can create or edit the dynamic bandwidth settings by right-clicking on an item (or

group of items) in any computer list and choosing Edit Computer Settings from the context menu.



The specific variable names include the BES Server/Relay settings:

_BESRelay_HTTPServer_DynamicThrottleEnabled

_BESRelay_HTTPServer_DynamicThrottleMaxKBPS

_BESRelay_HTTPServer_DynamicThrottleMinKBPS

_BESRelay_HTTPServer_DynamicThrottlePercentage

The BES Client settings:

_BESClient_Download_DynamicThrottleEnabled

_BESClient_Download_DynamicThrottleMaxBytesPerSecond

_BESClient_Download_DynamicThrottleMinBytesPerSecond

_BESClient_Download_DynamicThrottlePercentage

The BES Gathering settings:

_BESGather_Download_DynamicThrottleEnabled

_BESGather_Download_DynamicThrottleMaxBytesPerSecond

_BESGather_Download_DynamicThrottleMinBytesPerSecond

_BESGather_Download_DynamicThrottlePercentage

NOTES: For any of these settings to take effect, you must restart the affected services (BES Server, Relay or

Client).

If you set a BES Server and its connected BES Client to differing maximums or minimums, the connection will

choose the smaller value of the two.

BES Console Guide Page 68 UNMANAGED ASSETS


Unmanaged Assets

Viewing Unmanaged Assets

You can view and analyze assets on your network, even if they are not under BES management.

To view Unmanaged Assets, you must first subscribe to the BES Asset Discovery site. It contains Tasks that will allow you to install this feature on your BES Console. After these tasks have propagated through your

system, a new tab will show up in the Console labeled Unmanaged Assets.

Click the Unmanaged Assets tab to open the list for filtering and sorting.

Double-click an asset from the list to open it up for viewing. In the bottom window, you will see a summary

report on the chosen asset. This consists of the key fields including the IP Address and the OS. Below this is a list of issues associated with the asset. Click on one to open it up. You will see a description of the issue, along

with possible remediation instructions. This can take the form of a registry setting or links to further

information.

This interface provides you with information similar to Fixlet messages, even though the asset is not directly

interrogated.

BES Console Guide Page 69 UNMANAGED ASSETS


Monitoring Unmanaged Assets

BES can be used to monitor assets, even if they are not directly managed by the BigFix system. These

unmanaged assets may be devices such as printers or routers, or computers that are not running the BES Client

software.

To view Unmanaged Assets, you must first subscribe to the BES Asset Discovery site. It contains Tasks that will allow you to install this feature on your BES Console. After these tasks have propagated through your

system, a new tab will show up in the Console labeled Unmanaged Assets.

As with all BES Console filter/lists, you can click on the folders in the left panel to filter the list on the right.

Click on any header in the list to sort the data by that field.

The available filters and headers include:

Asset ID: This provides a list of the Asset IDs that have been assigned to each device.

Source Name: This refers to the service, such as Nessus, that was used to create this list of unmanaged assets.

Running Client: This field indicates whether or not the BES Client is running on the listed asset.

Creation Time: This field lists the date of creation of this unmanaged asset.

IP Address: This lists the assigned IP address of the networked asset. MAC Address: This is the Media Access Control address that uniquely identifies each asset in the list.

Not all assets will report a MAC address.

DNS Name: The name of this asset, as referred to by the Domain Name Server.

OS: The operation system associated with this unmanaged asset (if any).

Double-click on any asset in the list to open it up for viewing.

BES Console Guide Page 70 MENUS


Menus

File Menu

The File Menu offers the following commands:

Open Open the selected item in a list. This typically brings up the associated document in

the work area of the BES Console.

Close Close the selected or top-most document in the work area of the BES Console.

Import Import .bes files, which can be default Tasks, Actions, Baselines or other content that you may have customized.

Export Export a Task, Action, Fixlet, Baseline, etc. that you or another Console user can

subsequently import. Exporting provides a useful mechanism for creating customized content. Simply export the content, edit it and then import the

customized version.

Preferences... Set refresh, BES Client heartbeat, colorizing, caching and other persistent Console preferences.

Change Database

Password...

Change the sign-in password for the currently connected user.

Exit Quit the program.



Edit Menu

The Edit Menu offers the following commands:

Cut Cut text and put in clipboard. This command is for use in the various text boxes

that the BES Console uses for data input.

Copy Copy text and put in clipboard.

Paste Insert the contents of the clipboard. This option is only activated when there is an editable text box on the screen.

Select All Select all items in the current window. This can be text or items in a list box.

Activate Analysis Activate an Analysis, so that the targeted clients are being queried on a regular basis. You will need to supply your private key password.

Deactivate

Analysis

Stop the continuing Analysis of the clients. This propagates a new action to stop the client analysis and requires your private key password.

Globally Hide

Object

Removes the selected objects (either Fixlets, Tasks, Baselines or Analyses) from

the list. This hides the object across all BES Consoles. The object itself is not actually deleted, and may be retrieved by viewing Globally Hidden objects from

the filter panel for Fixlets, Tasks and Analyses.

Globally Unhide

Object

Relists the selected objects (either Fixlets, Tasks, Baselines or Analyses). You must view Globally Hidden objects using the left filter panel, then select the items you

wish to unhide.

Locally Hide

Object

Removes the selected objects (either Fixlets, Tasks, Baselines or Analyses) from the list. This only hides the object on the current BES Console -- other Consoles

will still display the object. The object itself is not actually deleted, and may be

retrieved by viewing Locally Hidden objects from the filter panel for Fixlets, Tasks and Analyses.

Locally Unhide

Object

Relists the selected objects (either Fixlets, Tasks, Baselines or Analyses). You must

view Locally Hidden objects using the left filter panel, then select the items you wish to unhide.



Create Custom

Object Copy

Creates a customized clone of an object (either Fixlet, Task, Baseline or Analysis).

For each copy, you can create a header name and compose a message to describe

the associated actions. You can also customize or add relevance expressions to

refine the targeting of the Fixlet or Task.

Remove Custom

Object

Remove a customized object (either Fixlet, Task, Baseline or Analysis) from its

list. Confirming this choice will permanently remove the customized object from the list.

Edit Custom

Object

Edit the Message, Action, Relevance and Properties of a customized object (either

Fixlet, Task, Baseline or Analysis).

Edit Computer

Settings...

Edit the settings (locking, BES Relays and custom settings) for the selected

computer(s). Typically, you will edit settings on a computer by computer basis, but

you can also set multiple computer settings at the same time.

Modify Custom

Site Subscriptions

Change the set of computers that are subscribed to a custom site. Select a group of

computers and click on this menu item to subscribe or unsubscribe them from the

specified custom site.

Remove Computer

From Database

Remove the selected computer(s) from the list. These computers will no longer be

under BES administration.

Show Action

Info...

View information about a selected action's execution.

Take Default

Action

Execute the default action for this particular Fixlet message.

View as Group Creates an ad-hoc group from a selected set of computers. You may then view the

Fixlets, Tasks, Baselines, Actions and Analyses that pertain to this particular group.

Add Computer To

Manual Group...

Add the selected computer to a named group. You can either attach the computer to

an existing group or create a new named group. You must supply a password to propagate the new group name to the selected clients.

Remove Computer

From Manual

Group

Remove a computer from the specified group. First, select the group from the filter panel on the left, then select a computer from the list. You must supply a password

to propagate the change.



Send Refresh Refresh the displayed list of computers by querying the database.

Send Wake on

LAN Request

Send a request to wake up a sleeping Client.

Stop Action Stop the selected action(s).

Restart Action Restart the selected action(s).

Delete Action Deletes the action from the database.

Assign User

Management

Rights...

Brings up a display that lets you grant and revoke management rights on a

computer-by-computer basis.

Add Comment Lets you attach a comment to an object, such as a Fixlet, Task, Baseline or Action. This is a shortcut menu selection, equivalent to opening an object, selecting the

Details tab and entering a comment at the bottom of the page.

Find... Brings up a dialog that prompts you for the desired search field and search string. You can search for fields that either contain or don't contain the desired search

string. In addition, for objects that can be hidden, such as Fixlets, Tasks, Baselines

or Analyses, you can search based on visibility.



View Menu

The View Menu offers the following commands:

Fixlet Messages Open the Fixlet message tab, allowing you to view the list of Relevant Fixlet

messages. This has the same effect as clicking the Fixlet Messages tab on the main window.

Tasks Open the Task tab, allowing you to view the list of custom tasks that have been set

up for software installation, policy implementation and other internal network needs.

Baselines View the currently defined set of Baselines, which combine Fixlet messages, Tasks

and other Baselines into a collection that can be applied with a single mouse click.

Actions Display a list of the current action status for all selected BES Clients, detailing the

affected computers, targets, messages, users and execution. This has the same effect

as clicking on the Actions tab on the main window.

Computers Display a list of all BES Clients. For each one it shows relevant Fixlet messages,

actions, a history of previously executed actions and selected properties of the BES

Client. This has the same effect as clicking on the Computers tab on the main window.

Computer

Groups

Display a list of computer groups. Computer Groups can be manually assigned or

automatically assigned by name or properties.

Analyses Display a list of BES Client analyses. These create reports based on retrieved

properties of the clients, allowing you to maintain software configurations, registry

settings or other corporate policies.

Console

Operators

Display a list of the authorized BES Console operators, whether they are logged on

or not. This has the same effect as clicking on the Console Operators tab on the

main window.

Unmanaged

Assets

Display a list of assets not managed by the BES Console. This menu option is

conditionally available depending on your BES configuration.



Tools Menu

The Tools Menu offers the following commands:

Show Navigation

Bar

Display the Navigation Bar on the left side of the main interface. The Navigation

Bar provides a shortcut to the most commonly used BES functions.

Show Status Bar Display the number of relevant messages and the connected database in the status bar at the bottom of the BES Console window. Select this menu item to toggle its

state.

Refresh Fetch the latest information from the BES database. Typically, your information is updated automatically based on a schedule determined by your administrator (and

by your choice in the Preferences dialog). Since refreshing causes a database access,

you should use it with restraint.

Take Custom

Action...

Execute a custom command, targeted to any desired subset of BES Client

computers.

Create New

Analysis...

Create a custom analysis, based on the specified properties of the BES Client computers.

Create New Fixlet

Message...

Create a custom Fixlet message, complete with targeting and actions.

Create New Task

Message...

Create a custom Task, similar to a Fixlet message, but used by the Console operator

to install software, update settings or establish other local policies.

Create New

Baseline...

Create a custom Baseline, allowing you to establish a grouping of Tasks, Fixlet

messages and other Baselines that can be applied with a single click to any grouping

of computers.



Create New

Automatic

Group...

Creates an automatically defined grouping of computers, based on the names of the

computers.

Manage Sites... Initiate, cancel or modify subscriptions to Fixlet sites. Also lets you assign various

Fixlet sites to specific BES Clients. You can also create and modify custom sites in

this dialog.

Manage

Properties...

Create a list of properties to retrieve from the BES Clients, using Relevance clauses.

These properties become the column headers on client listings. There is a default set

of properties, but you may add or delete them. Properties are used to filter or select subsets of BES Clients for Fixlet action deployment.

Manage Signing

Key...

Present a dialog box to input and manage the signing key for the Action Site.

View Recent

Comments

View the list of comments made by the BES Console operators, sorted from most

recent to oldest. This list includes all comments, regardless of the underlying object.

Launch Web

Reports...

Provide access to data reports which are collected from various BES Servers and

aggregated into a set of HTML reports summarizing the history and status of Fixlet

messages and actions across extended networks of computers.

Launch

Visualization

Tool...

Run a tool to visualize the hierarchy of your BES installation, from the servers down

through the relays to the client computers.



Dashboards Menu

The Dashboards Menu contains a list of on-demand reports called Dashboards. These reports tap into the BES

Database and are designed to provide you with timely and compact high-level views of your network. Some of

the available Dashboards (depending on the sites you subscribe to) include:

Overviews: These include selected reports that provide a network-wide overview, such as:

BES Deployment Overview: Displays a real-time live view of your BES Deployment, including

information on BES Clients, Relays, Servers, Operators and Content.

BigFix AntiPest (powered by PestPatrol) Overview: Provides history, statistics, status and other

information about viruses on your network. Patches for Windows Overview: Displays the current status of your software patching needs, broken

down by severity.

Other Dashboards you might see include:

Deployment Health Checks: Provides up-to-date information on the efficiency of the BES Consoles,

Relays and Clients. Application Usage Tracking: Tracks application usage in real-time by providing overview usage

statistics, per-computer usage information, and usage statistics that you can query (e.g., which

computers have used Excel in the last 6 months?).

Patches for Windows Overview: Displays a real-time live view of the Windows Patches available for

your network, including graphs of severity, and an analysis of patch deployment.



Wizards Menu

The content of the Wizards Menu depends entirely on which Wizards you have downloaded, which in turn

depends on which sites you have subscribed to. Wizards are programs that ask for specific user input to

streamline some common repetitive tasks. The following is a small sampling of some of the available Wizards:

BigFix AntiPest

(Powered by

PestPatrol)

Configuration

Wizard

Helps you to deploy PestPatrol anti-spyware across your BES network, including scanning and quarantine options.

File Pre-Cache

Wizard

This Wizard helps you to enable pre-caching of files on BES Servers and Relays,

improving download efficiency.

Windows

Software

Distribution

Wizard...

This Wizard helps you to deploy software applications to your networked windows

client computers.

Location

Property

Wizard...

This Wizard helps you to create a property that can identify the geographic location of the client computers on your network, based on the subnet address and a lookup

table.

Windows

Registry

Wizard...

This Wizard helps you to edit the Windows Registry on your networked client computers.

Microsoft Patch

Rollback Task

Wizard...

This Wizard helps you to roll back a given Microsoft patch on your networked windows client computers.

BigFix Asset

Discovery Nmap

Configuration

Wizard...

This Wizard enables you to schedule periodic Nmap (network map) scans of your network using predefined Scan Points.



Window Menu

The Window Menu offers the following commands:

Help Menu

The Help Menu offers the following commands:

Close All Close all the windows in the workspace.

Cascade Overlap all the open windows in the workspace.

Tile Tile all the open windows in the workspace.

Arrange Icons Convert open windows to icons that you can arrange in the window.

Numbered

Windows

This is a list of the windows that are currently open. Click on one to bring it to the top.

Contents Provide integrated help.

Visit

support.bigfix.com Launch a browser to view the BigFix support site.

About BES

Console... Display the version number of the program, along with a URL for support.

BES Console Guide Page 80 DIALOGS


Dialogs

About BES Console

The About dialog displays the version of the BigFix Enterprise System (BES) Console. It also includes a URL

for tech support and a list of the developers.

This dialog is available by selecting:

Help > About BES Console...

Action: Computers

You can view the status of an action as it is deployed across your network. Just click the Actions tab and

double-click on the desired action from the list. The Action will open up in its own document window,

displaying details of the deployment.

The Computers tab of the Action document displays a filter/list of the computers targeted by the action, along with the current status of each. This set of computers was targeted when the action was initially specified, either

explicitly from a list or indirectly by retrieved property. The deployed actions progress through a series of well-

defined stages on a given computer. This dialog lets you track all the stages of each action across all targeted computers. This dialog has the same features as the main Computers tab, but is constrained by the selected

Action.

This dialog is available by clicking the Actions tab and double-clicking on an action from the list. Then click

the Computers tab in the Action document window.



Action Document

An Action document is displayed in the bottom window of the BES Console when you open an action from

any action list. You can do this by double-clicking an item or right-clicking and selecting Open from the pop-

up menu. In the bottom panel you will see a document like this:

At the top of the Action document you'll find the name, a time stamp, the issuer's name, how many computers

were affected and how many were fixed.

There are three tabs in an Action document. They are:

Summary: An HTML display of various action attributes, including Status, Behavior (Message, Users, Execution, Post-Action), Relevance, Success Criteria and Action Script. At the bottom of the page is a

text box for entering a comment.

Computers: A list of the BES Clients that have responded to this action. This is a typical filter/list panel for computers; click on a filter in the left panel to narrow down the list of computers in the right

panel. When an action has propagated, this tab changes to Reported Computers.

Target: Shows what subset of computers was originally targeted by the action.

An Action document is opened whenever you double-click an item in an action list. To display an action list,

click the Actions tab.



Action History Tab

The Action History tab lists the deployment history of the action(s) associated with the selected Fixlet, Task or

Baseline document. In order to see something in this dialog, you typically must have an Action still pending. The list can be sorted by clicking the headers and filtered by the options in the left panel. Along with the Action

ID and name, the percentage of completion (based on the number of BES Clients reporting success) is included

in the list.

This dialog is available by opening a Fixlet, Task or Baseline from the appropriate list and clicking the Action

History tab.

Action Site Signing Key

This dialog prompts the BES Console operator to supply private key that is needed to authorize actions before

they can be deployed. You can also invoke this dialog to change the password for your Action signing key.

The BES Console operator must obtain a private key (publisher.pvk) from the BES Site Administrator, who

must first create it using the BES Authorize Tool. Once these keys have been created, the BES Site Administrator will hand them out to authorized personnel, who can then propagate Actions. To sign an action,

the authorized BES Console operator must browse to the appropriate private key (typically stored on a

removable disk or memory stick) and provide a password.

You can see this dialog by selecting Tools > Manage Signing Key.

Action Parameter

This dialog box makes a request for extra information required by the Action or group of Actions before

execution.



Action Progress Report

This dialog box shows the progress of an action as it is applied across the Fixlet network. First, it shows the

progress of any downloads (patches, updates, etc.). If there are files to download, it displays the name of the downloaded file, the total number of bytes, the current amount downloaded, the transfer rate and the estimated

time to completion.

The Actions may go through several states as they are collected, evaluated and run by the clients. These states

include:

Running: The Action is currently executing.

Evaluating: The Action is still evaluating its relevance. Failed: The Action has failed to execute properly.

Cancelled: The user has cancelled the Action.

Download Failed: The Action failed to complete the download. Locked: The computer is locked and can't execute the action.

Offers Disabled: Offers cannot be presented on the specified client, so the Action will never run.

Waiting: The Action is waiting on a user response.

Pending Downloads: The Action is waiting on downloads. Pending Restart: The Action is waiting for a restart from the Client computer.

Pending Message: The Action is waiting for the user to accept the Action message.

Pending Login: The Action is waiting for the user to login for a user-assisted Action. Pending Offer Acceptance: The Action is waiting for the user to accept the offer.

Constrained: The Action has been constrained by a Relevance statement that has failed to become

TRUE. Expired: The Action has passed its expiration date.

Postponed: The Action has been postponed by the Client.

Invalid Signature: The Action can't run due to an invalid signature.

Not Relevant: The Action is not relevant on this Client. Not Reported: The Action has not reported its success or failure.

Error: The Action has resulted in an error.

Fixed: The Action has completed, resolving the issue.



Action Script Tab

The Action Script tab of the Take Action dialog lets you improvise your own action scripts. We highly

recommend that you use the action scripts that come with each Fixlet. But should you want to customize the

scripts for any reason, you can do it here. There are two buttons in this dialog:

Use the action script specified in the Fixlet message: This is the default for most Fixlet actions, and is

the recommended option.

Use the following action script: If you opted to create a custom action script when you deployed this

action, this button will be selected, and the following two items will determine the course of the action: Action Script Type: The type of action script you want to use for this script. Some of the

options include:

BigFix Action Script: This is the standard scripting language for BigFix actions. AppleScript: This is Apple's scripting language for controlling computer resources.

sh: indicates that the action is a shell script, intended to be run by a linux / unix / bsd

shell. Action Script: Type your action script into this text box. The default is the prepackaged action

script that came with the original Fixlet message. You can modify the existing script, or enter

an entirely new script. Scripting is powerful and can have huge ramifications. Make sure to test

your action on a small scale before you deploy it on your entire network!

This dialog is available by selecting a Fixlet message from any list, then clicking an action button. From the

Take Action dialog, select the Action Script tab.

Action Settings

The Action Settings dialog lets you apply Action Settings to a new or customized Fixlet message, Task or

Baseline. Using the lock icons to the right of the screen, you can lock the individual items in this dialog to

restrict what sorts of actions can be taken from this custom content.

At the top of this dialog is the Name of the Action. It is editable, should you wish to rename it or add

extra information to it.

Below the Name box are some buttons that allow you to save or re-use your Action values:

Preset: This is a pull-down menu with the names of your existing presets. Click on one to

automatically fill out your Action settings.

Show only personal presets: Check this box to limit the presets to your own personal presets. Save Preset: After creating custom settings for an Action, you can save them for later re-use.

Delete Preset: Select a preset and then click this button to delete it.



This body of the dialog contains several tabs, including:

Execution: This tab allows you to set constraints on the Action, including starting and ending dates and

run windows. You can also set up retry counts (in case the Action fails or reverts) and allow the

deployment to be distributed over a period of time to minimize the network load. Users: Allows you to specify whether or not you require a logged-on user (or specified group of users)

to be present before running the Action.

Messages: Specify informative messages to be displayed on the targeted BES Clients, along with

options for end user interaction. Offer: This tab allows you to convert this Action into an Offer, which will trigger the display of an

HTML user interface on select BES Clients. The user has the option to select these Offers from a list.

Post-Action: Specify a follow-up behavior for the Action, such as a restart or shutdown, including

appropriate warning messages.

To lock or unlock any of the items under these tabs, simply click on the lock icons to the right.

When you've finished specifying your Action settings, click OK. You will need to enter your password before

the BES Console will issue the Action. When you do, a progress dialog will pop up to keep you posted on the

deployment.

This dialog is available when you create or customize a Fixlet message, Task or Baseline. For Tasks and Fixlet

messages, select the Actions tab, check the box next to Include action settings locks and click the Edit button to see this dialog. When creating or customizing a Baseline, click the Components tab, check the box next to

Use custom action settings and click the set actions settings link.

Action: Summary

The Summary tab of the Action document shows various attributes of the selected Action. These settings were created when the Action was initially specified. (To change these values, see Take Action). To view this

information for a specific Action, click on the Action tab and select the desired Action from the list.

Information about the Action will be displayed in the bottom window. Click on the Summary tab. You will see

the following summary:

Status: Shows the basic status, indicating how many computers have Reported, or are Waiting, Running or Finished with this Action.

Downloads: This section indicates the disposition of the download (if applicable), whether in progress

or completed and where the download has been cached. Source: This section displays the Fixlet that gave rise to this Action. It includes a link to the Fixlet

should you wish to see more information.



Behavior: This section displays certain behavioral information about the Action, including:

o Messages: Describes any messages that should be displayed either before or during the

execution of the specified Action. o Users: Lists the requirements for user intervention in the Action. Allows a user interface to be

presented to select user groups.

o Execution: Contains information about the execution of the Action, including ending time,

reapplication and what should happen if the Action fails. o Post-Action: Provides information about what should happen -- including restarting or shutting

down -- after the application of the Action.

Details: This section displays information about the underlying Relevance expressions and Action scripts.

o Relevance: This is a full listing of the relevance statement that will determine the targeting of

this Action. o Success Criteria: Describes what criteria will be used to determine the successful conclusion

of the Action.

o Action Script: This is a listing of the script that will be executed if this Action is relevant to the

client computer.

Comments: This is a text box that allows you to attach a comment to the Action.

This dialog is available by clicking the Actions tab and double-clicking on an Action from the list. Then click

the Summary tab in the Action document window.

Action: Target

The Target tab of the Action document presents a read-only display. It shows which computers were originally

targeted when the action was initiated. (To set these values, see Take Action - Target).

There are three radio buttons at the top of this dialog:

Specific Computers selected in the list below. The currently displayed computer list (typically just the relevant computers) guides the application of actions. This is the default behavior.

All computers with the Retrieved Properties values selected in the tree below. This button causes

continued evaluation of the specified retrieved property across your network. In essence, an action targeted like this is waiting for any BES client computer to change some retrieved property, like its OS

or its disk space. Short-term or one-time Fixlets will typically need an expiration date (look under the

Execution tab). Policy Fixlets, on the other hand, are often open-ended. The computers specified in the list of names below. If this option was selected, you will see a list of

computers that will be targeted for this action.

This dialog is available by clicking the Actions tab and double-clicking on an action from the list. Then click

the Target tab in the Action document window.



Actions Tab

The Actions tab allows you to follow the progress of all the Fixlet Actions that have been deployed across your

network to date. Click the Actions tab to bring up a filter panel and a list of Fixlet Actions:

This screenshot shows the filter panel on the left, the list on the right, and the right-click menu.

The list includes every Action generated on this network, deployed from the Take Action dialog. The filter

panel on the left helps you winnow down the list of Actions on the right. The folders in the filter panel also correspond to the column headers in the Action list, so you can filter the list and then sort the remaining items.

These are some of the filtering and sorting field names:

ID: A numeric identifier assigned by BES to label each action.

State: The current status of the action as it attempts to execute.

Name: The name associated with the action, typically the same as the Fixlet name. % Complete: Represents the percentage of targeted computers where the Action has completed.

Site: The name of the Fixlet Site associated with the action. Actions used to apply settings will have a

blank Site name. Issued By: The database user name of the person who authorized this action.

Time Issued: A time stamp for when the action was issued.

The right-click menu presents you with some common commands:

Open: Open this Action in the Action document window.

Copy: Copy this Action to the clipboard, so you can paste it into a text window, such as notepad or

wordpad. Select All: Select all the Actions in this list.

Open Source Fixlet Message: Displays the Fixlet source code, including the relevance and the Action

script. Show Action Info: Bring up the Show Action dialog.



Stop Action: If the Action is still open, you can stop it by selecting this option.

Restart Action: If the Action has been stopped, you can restart it with this option.

Delete Action: Remove this Action from the list. Add Comment: Opens a dialog box, allowing you to attach a comment to this action.

Export Action: Lets you export this action to an XML (.bes) file which can be imported by other users.

Take Custom Action: Lets you create a custom action and deploy it.

To learn more about an Action, double-click on it from the list or right-click and choose Open from the pop-up

menu. That will bring up an Action document in the work area below.

This dialog is available by clicking the Actions tab or selecting View > Actions.

Add Comment

The Add Comment dialog lets you attach an explanatory comment to Fixlet messages, Tasks, Baselines,

Actions, Computers, Computer Groups and Analyses. The comment you enter here will then appear in the

Description or Summary tab when you open one of these items in the workspace.

This dialog is available by right-clicking on an item from one of the tabbed lists and selecting Add Comment

from the context menu.

Add Custom Setting

This dialog box lets you create a custom Name/Value setting that will apply to the selected computer. Type a

name for the variable in the first input box, and type the value of the variable in the second box. This can be

useful for naming or otherwise attaching text or numeric values to a computer or set of computers.

This dialog is available from the Edit Computer Settings dialog. Right-click on a computer from any listing,

select Edit Computer Settings from the pop-up menu and then click the Add button.



Analyses Tab

The Analyses tab displays custom reports from the BES Clients on your network, allowing you to analyze

software configurations, registry settings and other policy implementations across your network. When you

click the Analyses tab, you will see a filter/list:

This screenshot shows the filter panel on the left, the list on the right, and the right-click context menu.

Select an item from the filter panel on the left to narrow the list down to a more manageable size. You can sort the list on the right by clicking the desired column header. Click again to change from ascending to descending

order. The column headings include:

Name: The name assigned to the Analysis by the author.

Status: The activation state of the Analysis. Site: The name of the site that is generating the relevant Analysis.

Applicable Computer Count: The number of BES Clients in the network currently being analyzed.

Activated By: The name of the Console operator who has activated this analysis.

Time Activated: The date and time the analysis was activated.

The right-click menu has these options:

Open: Open this analysis for more information in the analysis area below. Copy: Copy this info to the clipboard for pasting into a text box, such as notepad or wordpad.

Select All: Select all the analyses in this list

Globally Hide: Hide this analysis from all Console operators. It will still remain in the database, but will not be displayed on any BES Console.



Globally Unhide: To see or recall any Globally Hidden Analyses, select Globally Hidden Analyses

from the left panel, right-click the Analysis you wish to recover and select this option from the pop-up

menu. Locally Hide: Hide this analysis from the currently logged-in Console operator. It will still remain in

the database.

Locally Unhide: To see or recall any Locally Hidden Analyses, select Locally Hidden Analyses from

the left panel, right-click the Analysis you wish to recover and select this option from the pop-up menu. Activate: If the selected analysis is not running, start it up. This will evaluate the retrieved properties

behind the analysis.

Deactivate: If the analysis is currently running, this option will stop it. Add Comment: Attach a comment to the Analysis.

Edit: Brings up a dialog letting you edit the specified custom analysis.

Remove: Remove an analysis from the list. Export: Export an XML (.bes) file containing the Analysis that can be sent to other users for import.

Create New Analysis: Create a new analysis from scratch.

To learn more about an Analysis, double-click it from the list or right-click and choose Open from the pop-up

menu. That will bring up an Analysis document in the work area below.

This dialog is available by clicking on the Analyses tab, or selecting View > Analyses.



Analysis Document

An Analysis document is displayed in the bottom window of the BES Console when you open an item from an

Analysis list. You can do this by double-clicking an item or right-clicking and selecting Open from the pop-up

menu. In the bottom panel you will see a document like this:

At the top of the Analysis document you'll find the name, a time stamp, the issuer's name, how many computers

responded and how many retrieved properties are in this analysis.

There are several tabs in an Analysis document. They include:

Description: An HTML page describing the Analysis, along with a link to activate or deactivate the

Analysis. Details: An HTML page listing the various Analysis attributes, including Properties and Relevance. At

the bottom of the page is a text box for entering a Comment attached to the Analysis.

Results: A dialog displaying the results of the Analysis. This tab is only visible for an activated Analysis.

Applicable Computers: A list of the BES Clients where this Analysis is applicable. This is a typical

filter/list panel for computers; click on a filter in the left panel to narrow down the list of computers in

the right panel.

An Analysis document is opened whenever you open an item in an Analysis list. To display an Analysis list,

click the Analyses tab.



Applicable Computers Tab

The Applicable Computers tab displays all the networked computers that are affected by the currently selected

Fixlet, Task, Analysis or Baseline object. This is a filter/list view with a filter panel on the left, allowing you to

narrow down the displayed list of computers. To do so, open a retrieved property or group from the left panel

and select a value to filter the list.

Like other filter/lists in the BES Console, you can sort it by clicking on the column headers. You can add or

remove header properties by right-clicking in the header row.

This list looks and acts like the Computers tab from the top Console window, but it only lists the subset of

computers where this specific issue is applicable.

This dialog is available by opening a Fixlet, Task, Analysis or Baseline from the appropriate list and clicking

the Applicable Computers tab.

Applicability Tab

The Applicability tab can be found in various Action dialogs. It lets you determine what criteria will be used to judge the relevance of a Fixlet Action. It is strongly recommended that you use the original Relevance

expression, but you may want to customize it to better suit your needs. For instance, you might want to AND

the entire expression with inclusion in a specified computer group to narrow its scope.

Run this action on computers for whom:

The relevance clause from the original Fixlet or Task Message evaluates to true. This is the default action, and the one most recommended.

The following relevance clause evaluates to true. In certain circumstances, you may wish to define a

more or less restrictive criteria for applicability.

If you opt for the second choice, the text box below becomes editable and you can revise the original Relevance

clause, which is the default value.

This tab is available from several different dialogs:

Take Action, Take Multiple Actions, and Edit Computer Settings.

Assign User Management Rights

The Assign User Management Rights dialog lets you add or delete computers from an operator's purview.

This dialog displays the current set of computers that can be managed by the selected Console operator and lets

you add or delete computers from that set. There are two buttons in this dialog:

Add: Add new computers to the current set of computers. This brings up a standard filter/list box of the computers on your network. Use the values of the retrieved properties to filter down the group of

computers for this operator. The use of retrieved properties -- including custom properties -- makes it

simple to group computers. For instance, you may want to group computers by their operating system



or cpu type. Or you might create a special computer setting, like department or location, and use that to

parcel out management rights to the selected operator. Or there may be computers using particular

applications that you want to assign to specialists in your organization. Delete: This button lets you delete computers from the domain of this operator. It will bring up a dialog

that will let you choose which retrieved property filters you want to delete. (If a single filter was

defining the rights, when you select Delete, it will do so without bringing up this dialog.)

This dialog is available by selecting the Console Operators tab, right-clicking on any operator in the list and

choosing Assign User Management Rights from the pop-up menu (or choose Assign User Management

Rights from the Edit menu). You must have logged in with Administrator rights to view this tab.

Baseline Component Applicability Tab

The Baseline Component Applicability tab of the Computer document displays a list of Baseline

Components that are applicable to the selected computer. The components are listed by their number as defined in the Baseline, the name of the component, the group it is associated with and whether or not it is relevant to

the specified computer.

This dialog is available by opening an item from any Computer list and clicking the Baseline Component

Applicability tab.



Baseline Document

A Baseline document is displayed in the bottom window of the BES Console when you open an item from any

Baseline list. You can do this by double-clicking the Baseline or right-clicking and selecting Open from the

pop-up menu.

At the top of the Baseline document you'll find the Baseline name, the site name and on the right, the number of

applicable computers and open actions.

There are several tabs in a Baseline document. They include:

Description: An HTML page describing the Baseline and a set of Actions (implemented as links) that are designed to address the problem described.

Details: An HTML page describing the Properties, Relevance clauses and Action scripts behind the

Baseline. At the bottom of the page is a text box to enter a comment to attach to the Baseline. Components: Lists the Fixlet messages and Tasks that have been grouped into this Baseline.

Applicable Computers: Shows what subset of computer components this Baseline targets.

Component Applicability: Displays a filter/list of the components of the Baseline. It lists the number of computers where the Baseline is currently applicable and, after a slash, the number where it it not.

Double-click on an item in the list to bring it up for inspection.

Action History: Shows the history of any Actions that have been invoked by this Baseline.

A Baseline document opens whenever you click an item in a Baseline list. To display a Baseline list, click the

Baseline tab.



Baselines Tab

A Baseline is a collection of Fixlets and Tasks that you wish to execute with a single command, providing a

common base for all targeted computers. The Baselines tab displays all the Baselines that have been defined on

your network, along with their properties, that you can select for deeper inquiry. When you click the Baselines

tab, you will see a filter/list:

This screen shot shows the filter panel on the left, the list on the right, and the right-click context menu.

Select an item from the filter panel on the left to winnow the list down to a more manageable size. You can sort

the list on the right by clicking the desired column header. Click again to change from ascending to descending

order. The column headings are:

Name: The name assigned to the Baseline by the author. ID: A numerical ID assigned to the Baseline by the author.

Site: The name of the site that is generating the relevant Baseline.

Applicable Computer Count: The number of BES Clients in the network currently targeted by the

Baseline.

Open Action Count: The number of actions open for the given Baseline.



The right-click context menu has these options:

Open: Open the selected Baseline for more information in the computer document area below.

Copy: Copy this info to the clipboard for pasting into a text box, such as Notepad or Wordpad.

Select All: Select all the Baselines in this list Globally Hide: Hide this Baseline from all BES Console operators. It will still remain in the database,

but will not be displayed on any BES Console.

Globally Unhide: To see or recall any globally hidden Baselines, select Globally Hidden Baselines

from the filter panel in the upper left of the screen. Right-click a hidden Baseline and select Globally Unhide Baseline.

Locally Hide: Hide this Baseline. It will still remain in the database, but will not be displayed on this

particular BES Console. Locally Unhide: To see or recall any locally hidden Baselines, select Locally Hidden Baselines from

the filter panel in the upper left of the screen. Right-click a hidden Baseline and select Locally Unhide

Baseline.

Take Default Action: Baselines often have a default action which can automate their deployment. You can also highlight multiple Baselines and, if they all have default actions, automate the entire

deployment.

Add Comment: Create a comment that will be attached to this Baseline. Edit: Bring up a dialog that lets you edit a previously defined custom Baseline.

Remove: Delete the selected custom Baseline from the list.

Create Custom Copy: Copy the selected Baseline so you can customize it. Export: Outputs an XML (.bes) file that can be shared with other users.

Add To New Baseline: Create a new Baseline and add the highlighted Baseline to it. Everything in the

highlighted Baseline becomes part of the first component group in the new Baseline.

Add To Existing Baseline: Add the Baseline specified in the secondary menu to the highlighted Baseline.

Create New Baseline: Create a custom Baseline from scratch.

To learn more about a given Baseline, double-click it from the list or right-click and choose Open from the

pop-up menu. That will bring up a Baseline document in the work area below.

This dialog is available by clicking on the Baselines tab. You can also add Fixlets and Tasks to a Baseline by

highlighting them and selecting Add To Existing Baseline from the context menu.

Change Database Password

The BES Console allows you to change the database password if you have the proper authorization. Enter the

current password, then enter and validate the new password.

NOTE: This dialog is not available if you are using using NT Authentication and thus aren’t using a password to connect to the database.

This dialog is available when you select File > Change Database Password.



Change Private Key Password

The BES Console allows you to change your private key password. Enter your current password, then enter and

validate the new password.

This dialog is available when you select Tools > Manage Signing Keys > Change Password.

Comments

BES Console Operators can make comments on most of the BES objects, including Fixlets, Tasks, Actions, Computers, etc. These comments can be created whenever an object like a Fixlet is selected and displayed in

the main BES window. Here's how to create a comment for a Fixlet message:

1. Click on the Fixlet Messages tab in the main BES window.

2. Right-click on the desired Fixlet and select Add Comment.

3. Type your comment into the dialog box that pops up. 4. Alternatively, you can double-click a Fixlet message, select the Details tab and enter your comment at

the bottom of the page.

Similarly, you can attach comments to Tasks, Actions, Computers and Analyses. These comments can include

keywords or operating notes. You might want to have special information about certain computers, or usage

pointers for special Tasks. This is a free-form field, so you can make up your own rules for commenting.

To view an aggregated list of all comments, select View Recent Comments from the Tools menu. This dialog lists all the comments created to date, sorted by time-stamp, with the most recent comments at the top. The

name of the Console Operator responsible for the comment is listed next to the description. Each comment

contains a link that will open up the original object in the main window, allowing you to view the description

and other aspects of the object.

Component Applicability Tab

The Component Applicability tab of the Baseline document displays a list of how many computers have been

targeted by the specific component. The components are numbered, corresponding to their order under the

Components tab.

Following the number is the name of the component and then the Applicable Computer Count. This column is

composed of multiple numbers in a form like '35/10 (4 unknown)'. The first number is the count of computers

where the component is applicable, the second is the number where it is not. In this case, out of the 49 total

computers targeted by this Baseline component, 35 are applicable, 10 are not and 4 are still unknown.

Double-click on any item in the component list to bring up its corresponding document.

This dialog is available by opening an item from any Baseline list and clicking the Component Applicability

tab.



Components Tab

The Components tab of the Baseline document displays a list of all the component Fixlet messages and Tasks

that have been grouped into this particular Baseline. Click on the links beneath each component to view the

source Fixlet or Task, or to see the actual code behind the Relevance statements and Action scripts.

The components of a Baseline are copies of the original Fixlet or Task, not pointers. As such, if the underlying Fixlet or Task should change, the Baseline may become out of sync with the original. If this happens, the

message Source Fixlet differs will show up in the component listing.

This dialog is available by opening an item from any Baseline list and clicking the Components tab.

Computer: Action History

The Action History tab provides a listing of all the actions that have been deployed on the specified computer.

Note that unlike the general action list for all computers available from the main Actions Tab, this list contains

only actions targeted to the selected computer.

The Action History list has options similar to the main Actions tab.

To view more information about a particular action, double-click on it. That will bring up the corresponding

Action document in the bottom panel.

This dialog is available by clicking the Computers tab and double-clicking on a computer from the list. Then

click the Action History tab in the Computer document window.

Computer: Applicable Tasks

The Applicable Tasks tab of the Computer document lists all the Tasks that are relevant to the selected

computer. This filter list is updated in real-time, refreshing its display as Tasks are reevaluated.

This dialog has the same options as the main Tasks tab.


click the Applicable Tasks tab in the Computer document window.



Computer Document

A Computer document is displayed in the bottom window of the BES Console when you open an item from

any computer list. You can do this by double-clicking on the item or right-clicking and selecting Open from the

pop-up menu.

Click on the Summary tab to see essential information about this computer. Here you'll find the name,

information about the processor and operating system, how many Fixlet messages are relevant to this computer,

and how many actions are open.

There are several tabs in a Computer document. They include:

Summary: Displays a list of properties that are being retrieved from this computer, as well as the

Client Relay Status, Group Memberships, Custom Sites, Settings and Comments. Relevant Fixlet Messages: A list of the Fixlet messages that are currently relevant on this computer.

These can be winnowed down using the filter tree in the left panel, then sorted by clicking on the

column headers. Applicable Tasks: Lists the Tasks that apply to this computer.

Relevant Baselines: Lists the Baseline items (Fixlets and Tasks) that have been assigned to this

computer.

Baseline Component Applicability: Shows what components of specified Baselines are applicable to this computer.

Action History: Shows what Fixlet actions have been applied to this computer.

Management Rights: Displays the names of the authorized operators for this computer.

A Computer document is opened whenever you open (double-click) an item in any Computer list. To display

the main Computer list, click the Computers tab.

Computer Group: Actions

The Actions tab of the Computer Group document provides a listing of all the Actions that are open or have

been deployed on the specified Computer Group. This dialog has the same options as the main Actions Tab,

but contains only Actions targeted to the selected Computer Group.

To view more information about a particular Action, double-click on it. That will bring up the corresponding

Action document in the bottom panel.

This dialog is available by clicking the Computer Groups tab and double-clicking on a Computer Group from

the list. Then click the Actions tab in the Computer Group document window.



Computer Group: Analyses

The Analyses tab of the Computer Group document provides a listing of all the Analyses that have been

deployed and allows you to filter them for the specified Computer Group. This dialog has the same options as

the main Analyses Tab.

To view more information about a particular Analysis, double-click on it. That will bring up the corresponding

Analysis document in the bottom panel.


the list. Then click the Analyses tab in the Computer Group document window.

Computer Group: Baselines

The Baselines tab of the Computer Group document provides a listing of all the Baselines that have been deployed on the specified Computer Group. This dialog has the same options as the main Baselines Tab, but

contains only Baselines targeted to the selected Computer Group.

To view more information about a particular Baseline, double-click on it. That will bring up the corresponding

Baseline document in the bottom panel.


the list. Then click the Baselines tab in the Computer Group document window.

Computer Group: Computers

The Computers tab of the Computer Group document provides a listing of all the computers that have been

manually selected to be a part of the specified Computer Group. This dialog is displayed for Manual Computer

Groups only. It has the same options as the main Computers Tab, but contains only computers belonging to

the selected Manual Computer Group.

To view more information about a particular Computer, double-click on it. That will bring up the corresponding

Computer document in the bottom panel.

This dialog is available by clicking the Computer Groups tab and double-clicking on a Manual Computer

Group from the list. Then click the Computers tab in the Computer Group document window.



Computer Group: Description

The Description tab of the Computer Group document provides information about a selected Computer

Group. It contains different information depending on whether the group is Automatic or Manual:

Automatic Computer Groups contain several sections:

Group Definition: This is a listing of the properties that specify the inclusion of a computer into the group. Each is a clause of the form <property> <relationship> <value>. For instance, OS contains

"win", would create an Automatic Computer Group consisting of Windows machines.

Targeting Relevance: This is the full Relevance expression that implements the property evaluation

described above. Click on show indented relevance to see a formatted version of the expression. Comments: This is a text box to enter a comment that will be attached to the Computer Group for other

operators to view.

Manual Computer Groups only contain a Comment box. The information you enter here will be attached to

this Computer Group and become available to other BES Console operators.


the list. Then click the Description tab in the Computer Group document window.

Computer Group Document

A Computer Group document is displayed in the bottom window of the BES Console when you open an item

from any Computer Group list. You can do this by double-clicking on the item or right-clicking and selecting

Open from the pop-up menu. You will see a window like this:

At the top of the Computer Group document you'll find the name of the group, the group id and the number of

members in the group.



There are several tabs in a Computer Group document, and they may differ according to the group type. They

include:

Description: For an Automatic group, this tab will display the Group Definition (as a list of property-

associated Relevance expressions), the Targeting Relevance clause that implements the group definition, and a comment box. For a Manual group, this tab will display a comment box only.

Reporting Computers: Only displayed for Automatic groups, this tab is a list of the computers that are

currently considered members of the group, based on properties and Relevance. This is a filter/list

panel, allowing you to narrow down the list by selecting from the filtering folders on the left side. Computers: Only displayed for Manual groups, this tab is a list of the computers that have been

manually selected to be members of the group. This is a filter/list panel, allowing you to narrow down

the list by selecting from the filtering folders on the left side. Fixlets: Lists all the Fixlet messages that apply to this Computer Group.

Tasks: Lists all the Tasks that apply to this Computer Group.

Baselines: Lists all the Baselines that apply to this Computer Group.

Actions: Lists all the Actions that are open or that have been executed or stopped in this Computer Group.

Analyses: Lists all the Analyses and allows you to filter them by Computer Group.

A Computer Group document is opened whenever you open (double-click) an item in any Computer Group list.

To display a Computer Group list, click the Computer Groups tab.

Computer Group: Fixlet messages

The Fixlets tab of the Computer Group document provides a listing of all the Fixlet messages that have been targeted to the specified Computer Group. This dialog has the same options as the main Fixlet messages Tab,

but contains only Fixlet messages targeted to the selected Computer Group.

To view more information about a particular Fixlet message, double-click on it. That will bring up the

corresponding Fixlet message document in the bottom panel.


the list. Then click the Fixlet messages tab in the Computer Group document window.

Computer Group: Reporting Computers

The Reporting Computers tab of the Computer Group document provides a listing of all the computers that

have been automatically chosen to be a part of the specified Computer Group by virtue of their property values. This dialog is displayed for Automatic Computer Groups only. It has the same options as the main Computers

Tab, but contains only computers reporting to the selected Computer Group.

To view more information about a particular Reporting Computer, double-click on it. That will bring up the

corresponding Computer document in the bottom panel.

This dialog is available by clicking the Computer Groups tab and double-clicking on an Automatic Computer

Group from the list. Then click the Reporting Computers tab in the Computer Group document window.



Computer Group: Tasks

The Tasks tab of the Computer Group document provides a listing of all the Tasks that are applicable to one

or more computers in the specified Computer Group. This dialog has the same options as the main Tasks Tab.

To view more information about a particular Task, double-click on it. That will bring up the corresponding

Task document in the bottom panel.


the list. Then click the Tasks tab in the Computer Group document window.

Computer Groups Tab

The Computer Groups tab displays all the BES Client Computer Groups on your network, along with their

properties, that you can select for further inquiry. When you click on the Computer Groups tab, you will see a

filter/list:


Select an item from the left panel to filter the computer list. You can sort the list by clicking on the desired

column header. Click again to change from ascending to descending order. The default column headings

include (but are not limited to):

Name: The name of the computer group.

Type: The type of computer group, either Automatic or Manual. Site: The site that is hosting the computer grouping.

Member Computer Count: The number of computers currently assigned to the group.




Open: Open this computer for more information in the computer document area below.

Copy: Copy this info to the clipboard for pasting into a text box, such as notepad or wordpad.

Select All: Select all the Computer Groups in this list Create Custom Copy: Copy the properties of the group so you can customize them.

Edit Group Properties: Bring up a dialog that will allow you to redefine Manual and Automatic

Group properties.

Remove Group: Delete this group from the hosting site. Add Comment: Attach a comment to the selected computer group.

Export Group: Save this group description as an XML (.bes) file for sharing with other users.

Create New Automatic Group: Specify the properties that will be used to define a new computer

group.

To learn more about a computer group, double-click on it from the list or right-click and choose Open from the

pop-up menu. That will bring up a Computer Group document in the work area below.

This dialog is available by clicking on the Computer Groups tab or selecting View > Computer Groups.

Computer: Management Rights

The Management Rights tab of the Computer dialog lists the operators who are currently granted

management rights to apply actions to the specified computer. You can filter this list by using the filter tree in

the left panel. The list has three headers:

Name: The name of the Console operator who has been granted rights.

Master Operator: A Yes or No flag that indicates if the rights manager is also a BES Master Operator.

Last Login Time: The last time this operator logged in to the BES System

.


click the Management Rights tab in the Computer document window.

Computer: Relevant Baselines

The Relevant Baselines tab of the Computer document lists all the Baselines that are applicable to the selected

computer. This filter/list is updated in real-time, refreshing its display as Baselines are reevaluated.

This dialog has the same options as the main Baselines tab.

This dialog is available by clicking an item in any Computer list. Then click the Relevant Baselines tab in the

Computer document window.



Computer: Relevant Fixlet Messages

The Relevant Fixlet Messages tab of the Computer document lists all the Fixlet messages that are relevant to

the selected computer. This filter list is updated in real-time, refreshing its display as Fixlet messages are

reevaluated.

This dialog has the same options as the main Fixlet Messages tab.


click the Relevant Fixlet Messages tab in the Computer document window.

Computer: Summary

The Computer Summary tab lists several items of interest, including Properties, Relay status, Grouping,

Custom Sites, Settings and more.

The Properties section of the Summary lists various properties of the given computer, derived from Relevance

Expressions. These properties help you define subsets, sorting fields, reports and grouping criteria for the

various client computers under BES administration.

The default properties include, but are not limited to:

Computer Name: The name of the computer.

User Name: The name of the BES Client user.

OS: The operating system of the given computer.

CPU: The speed and type of CPU. Locked: The locked status (Yes or No) of each computer.

Last Report Time: The time that the computer last reported.

RAM: The amount of RAM in the given computer. Version of IE: The version of Internet explorer on the given computer.

Free Space on System Drive: How much room is available on drive C of the given computer.

Total Size of System Drive: The total size of drive C on the given computer. BIOS: The version and date of the Basic Input/Output System.

Active Directory Path: The position of the BES Client within the Active Directory hierarchy.

ID: The ID number of the BES Client computer, set automatically.

You can find out more about these predefined properties in the sections on computer properties and Relevance

Expressions.

The next section in the Computer Summary is the BES Client Relay Status, which identifies the status of the

chosen computer as a Server, Relay or Client.

The next section lists any Groups, automatic or manual, that this computer is a member of.

The following section lists any Sites that this computer is subscribed to, including external sites, operator sites

and custom sites.



The next sections contain a list of Settings for this computer, including Client, Relay, Server, Gather and

WebReport settings and the versions of the BES software running on this computer.

At the bottom of the page is a text box where you can enter comments that will be attached to this computer for

future reference.

This dialog is available by clicking the Computers tab and double-clicking on a computer from the right-hand

list. Then click the Summary tab in the Computer document window.

Computers Tab

The Computer tab displays all the BES Client computers on your network, along with their properties, that you

can select for deeper inquiry. When you click the Computers tab, you will see a filter/list:


Select an item from the left panel to filter the computer list. You can sort the list on the right by clicking the

desired column header. Click again to change from ascending to descending order. The default column headings

include (but are not limited to):

Computer Name: The name of the computer.

User Name: The name of the BES Client user.

OS: The operating system of the given computer.

CPU: The speed and type of CPU. Locked: The locked status (Yes or No) of each computer.

Last Report Time: The time that the computer last reported.

RAM: The amount of RAM in the given computer. Version of IE: The version of Internet explorer on the given computer.

Free Space on System Drive: How much room is available on drive C of the given computer.

Total Size of System Drive: The total size of drive C on the given computer.



BIOS: The version and date of the Basic Input/Output System.

Active Directory Path: The position of the BES Client within the Active Directory hierarchy.

ID: The ID number of the BES Client computer, set automatically.


Open: Open this computer for more information in the computer document area below.

Copy: Copy this info to the clipboard for pasting into a text box, such as notepad or wordpad. Select All: Select all the computers in this list

Edit Computer Settings: Edit the settings for this computer.

Modify Custom Site Subscriptions: Brings up a dialog letting you subscribe the selected computer(s) to any of the Custom Sites listed in the pull-down menu. Click the second button to unsubscribe from

the specified site.

Add Comment: Attach a comment to the selected computer(s). Remove From Database: Remove this computer from BES Administration.

View as Group: Create an Ad-Hoc group from the selected computer(s).

Add To Manual Group: Add this computer or set of computers to a named group that can serve to

organize your networked BES Clients. Send Refresh: Send a refresh signal to this computer, forcing it to evaluate its status and return it to the

BES Console.

Send Wake on LAN Request: If the WoL feature is activated, this item will send a request to the to

the specified BES Client(s) to start up.

To learn more about a computer, double-click it from the list or right-click and choose Open from the pop-up

menu. That will bring up a Computer document in the work area below.

This dialog is available by clicking on the Computers tab or selecting View > Computers.

Connect to Database

The Connect to Database dialog pops up when you start the BES Console. It lets you select which BES

Database you wish to manage.

Database: Select the desired database from the pull-down menu.

Username: Enter the user name that will allow you to access the database. The set of allowed users is

maintained by the BES Site Administrator using the BES Administration Tool.

Password: Enter the password that corresponds to the user name above. In some cases, NT will authenticate for

the user. If this is the case, the password box will be grayed out.

This dialog is available when launching the BES Console.

Console Operator: Administered Computers

The Administered Computers tab of the Console Operator document displays a filter/list of all the computers

administered by the selected operator. Like the main Computers tab, you can filter and sort it by retrieved



properties and groups. That means you can use your own custom-created properties or groupings to parcel out

administrative rights. You might use a retrieved property, for instance, to match up specific applications to

experts in your organization. Or you could connect departmental IT managers to their own domains,

automatically.

This list is similar to other computer lists in the BES Console, but it is specific to the selected operator, letting

you focus on one person at a time.

This dialog is available by double-clicking on an operator from any Console Operator list and selecting the

Administered Computers tab.

Console Operator Document

A Console Operator document is displayed in the bottom window of the BES Console when you open an item from any Console Operator list. You can do this by double-clicking on the item or right-clicking and selecting

Open from the pop-up menu.

At the top of the Console Operator document you'll find the name of the operator, the operator's login time, how

many computers are being administered by this operator and how many actions this operator has issued. There

are two or more tabs in a Console Operator document. They include:

Administered Computers: A typical filter/list window containing all the computers under this operator's administration.

Issued Actions: Shows what Fixlet actions have been applied by this Console Operator.

Assign User Management Rights: Shows the management rights that have been assigned to this Console Operator (This tab is only available if you have logged in to the BES Console with the proper

credentials).

A Console Operator document is opened whenever you open an item in a Console Operator list. To display a

Console Operator list, click the Console Operators tab.



Console Operator: Issued Actions

The Issued Actions tab of the Console Operator document displays a filter/list of all the Actions that have

been deployed by the selected operator. Like the main Actions tab, you can filter and sort it by various

properties, including State (open, expired) and Site.

This list is similar to other Action lists in the BES Console, but it is specific to the selected operator, letting you

focus on one person at a time.


Issued Actions tab.

Console Operator: Management Rights Assignment

The Management Rights Assignment tab of the Console Operator document displays a retrieved property

tree. This tab is only available if you have logged in to the BES Console with the proper credentials. If there were any management rights assigned on the basis of a retrieved property (for instance, based on a computer

setting named "department") you will see them here. In this example, as people changed from one department to

another, they would automatically be handed over to a new Console operator.

This is a read-only display. To alter these settings, right-click on an operator from any Console Operator list and

select Assign User Management Rights from the pop-up menu.


Assign User Management Rights tab.

Console Operators Tab

The Console Operators tab displays all the Console operators authorized for your network, which you can

select for individual viewing. When you click on the Console Operators tab, you will see a filter/list:




Select an item from the filter panel on the left to filter the operator list. You can sort the list by clicking on the

desired column header. Click again to change from ascending to descending order. The default column headings

are:

Name: The name of the BES Console operator, as originally authorized. Master Operator: This is a yes or no field indicating whether a given operator has master privileges.

Last Login Time: Records the last time this operator logged in to the BES Console.


Open: Open this operator record for more information in the Operator document area below.


Select All: Select all the operators in this list Assign User Management Rights: Select this option to assign new management rights to the given

operator (only available if you have logged on with the proper credentials).

To learn more about a Console operator, double-click on a name from the list or right-click and choose Open

from the pop-up menu. That will bring up a Console Operator document in the work area below.

This dialog is available by clicking on the Console Operators tab or selecting View > Console Operators.

Create Analysis

The Create Analysis dialog lets you deploy your own custom Analyses to monitor, audit and set policies across your managed network. You can create an Analysis from scratch or you can edit an existing one. To edit an

existing Analysis, select it from the list and choose Edit > Edit Custom Analysis or right-click it and select the

same option from the pop-up menu. This is an excellent way to learn about creating your own Analyses.

To create an original Analysis, choose Tools > Create New Analysis. You will be presented with a dialog with

two text boxes at the top:

Name: Enter the name of your custom Analysis.

Create in site: From the pull-down menu, select the BES site you want to host it.

Beneath these data fields, there are three tabs:

Description: Create a user-readable title and message to accompany the Analysis you wish to run. This

is an HTML page, and you can use the text editing tools at the top to adjust the look of your Analysis.

Properties: Specify retrieved client properties for your Analysis. Click the Add Property button, enter a name and a relevance clause. You can also specify an evaluation period for this property.

Relevance: Specify the target client computers for your custom Analysis via a Relevance clause. The

Analysis will be applied to all computers where the Relevance clause evaluates to TRUE.



At the bottom of this dialog is a check box:

Automatically activate this analysis after it is created: Check this box if you want to immediately

propagate this Analysis upon clicking the OK button. Leaving this blank will let you describe your

Analysis without actually activating it.

You can create a new Analysis by selecting Tools > Create New Analysis, or by right-clicking in the Analysis

window and selecting Create New Analysis from the pop-up menu.

You can edit certain existing Analyses by right-clicking on them and selecting Edit from the pop-up menu.

Create Analysis Properties Tab

The Properties tab of the Create Analysis dialog lets you define the properties you wish to analyze. This is the

customized heart of the Analysis, and is not the same as the Properties tab of the Fixlet, Task or Baseline

dialogs.

There are two buttons in the Property tab:

Add Property. Click this button to bring add a new property to the Analysis. When you do, the text areas below will become editable and you can define the property.

Remove Property. Highlight a retrieved property from this list to the left and click Remove Property to

delete this item from the Analysis.

After clicking the Add Property button, you must enter a Name for the property and a Relevance statement that

will retrieve the information. For instance you might want to retrieve the names of the administrators for each client. You might name the property "Client Admins" and use a Relevance expression like "names of

administrators of client".

You can also set the schedule for the analysis from the Evaluate every pull-down menu. The default is to

update the property value whenever a report is requested. But you can also set it to any regular period between 5

minutes and 30 days.

You can create a new Analysis by selecting Tools > Create New Analysis, or you can edit a custom Analysis

by right-clicking on it and selecting Edit Custom Analysis from the pop up or from the Edit menu.

Create Automatic Computer Group

This dialog allows you to create rules that will automatically enlist specific computers in a group. It has the

following parts:

Computer Group Name: This is a text box to enter the name of your group. This will be listed in the name column of any computer group listing.

Create in site: This is a pull-down menu listing the site you wish to host the computer group.

Include computers with [any/all of] the following property: This option lets you specify a condition that must evaluate to true before the computer will trigger the Baseline. If there is more than one



condition, this option will include a pull-down menu allowing you to use any or all of the conditions

listed. Three fields are used to define a condition:

The retrieved property: select a property from the pull-down list containing dozens of pre-defined retrieved properties. Note that there are two other options at the top of this list.

Select Relevance Expression from the top of the list, select is true or is false from the

relationship pulldown and then click the Edit Relevance button to define a custom

relevance expression to base your group on. Select Group Membership from the property list, select the desired membership

option and then select a manual group from the pull down list to the right.

The relationship: select from the four available comparison operators: contains, equals, does not contain and does not equal.

The value: Enter a value that will be compared to the value of the retrieved property. If the

comparison is true, the Baseline will become relevant on the specified computer.

For instance, to create a group that will automatically enlist Windows computers, enter OS

contains Win. There are two buttons used to edit the list of conditions:

Plus (+): Click this button to add a new condition to the list. When there are two or more conditions, notice that the radio button above will include a pull-down menu allowing you to

trigger on any or all of the conditions in the list.

Minus (-): Click this button to delete the condition associated with it.

Click OK and enter your password to propagate the new Automatic Computer Group that will be listed in the

Computer Groups tab.

This dialog is available by clicking Create New Automatic Group from right-click context menu in the

Computer Groups tab or select Tools > Create New Automatic Group.

Create Custom Site

This dialog lets you enter the name of your custom Fixlet site and specify if you want to distribute the site to all

your networked computers. This will bring up the Site Properties dialog, allowing you set properties and select

those operators you wish to own, write to and read from your custom site.

To create a custom site, select Tools > Manage Sites and then click the Create Custom Site button.

Dashboard Document

Dashboard documents pop up in the main window of the BES Console when you select them from the

Dashboards menu. Dashboards tap into the BES Database to provide you with timely and compact high-level

views of your network.

Different sites make these Dashboards available. For instance the BES License and Inventory site contains the

Application Usage Dashboard, which shows you freshly updated statistics about various executables on your

client computers. Other Dashboards may report on the BES Deployment or the status of your patch rollouts.

A Dashboard appears whenever you open an item from the Dashboards Menu.



Description Tab

The Description tab of provides an English-language description of the selected Fixlet, Task, Analysis or

Baseline. It typically provides one or more actions (in the form of links) that can be executed to install a patch,

change a registry, update an application, run an analysis, etc.

Click on the link or button to deploy the action or analysis across your network. For Fixlet messages, when an Action completes the initiating Fixlet will usually disappear since the problem no longer pertains. Tasks,

Baselines and Analyses, on the other hand, will continue to stay activated until you terminate them.

This dialog is available by opening a Fixlet, Task , Analysis or Baseline from the appropriate list and clicking

the Description tab.

Details Tab

The Details tab provides a look at the mechanics behind the selected Fixlet, Task, Analysis or Baseline object.

It includes several sections describing various aspects of the Fixlet message:

Properties: This section lists various properties of the Fixlet, Task or Baseline, including Category,

Download Size, Severity and more. These properties are defined manually when the object is created.

Relevance: This section displays the Relevance expressions that are used to determine the relevance of an individual Fixlet message or Task. For a Baseline, this is an 'envelope' expression that determines the

overall relevance of the group. Only if the group is applicable will the relevance of the constituent

Tasks and Fixlets be analyzed. This is the core information for an Analysis, which evaluates the

Relevance expression and retrieves that value. Actions: This section displays the code that will be executed if an action is deployed from either a

Fixlet or a Task.

NOTE: Analyses don't have Actions, since they are simply passive property reporters. Baselines also don't have Actions, although their components typically do.

Comment: This section lets you attach comments to the Fixlet, Task or Baseline.

This dialog is available by opening a Fixlet, Task , Analysis or Baseline from the appropriate list and clicking

the Details tab.



Edit Actions Tab

The Actions tab of the Creation/Edit dialogs lets you craft Actions for your new or customized Fixlet or Task

object. These will be deployed on the appropriate computers of your BES network. This dialog has a list box containing the Action or group of Actions that are attached to this Fixlet message. To the right of this list is a set

of buttons:

Add: Click this button to create a new Action. It will create a new blank Action that you can edit in the

section below.

Delete: Delete the selected Action. Move Up: Moves the selected Action up in the list, meaning that it will be displayed and executed

earlier.

Move Down: Moves the selected Action down in the list, meaning that it will be displayed and

executed later.

For each Action, you can edit the type, certain settings and the script itself. Select an Action Script Type from

the pull down menu. Among the choices are:

BigFix Action Script: This is a popular scripting type, used by most Windows actions.

AppleScript: This is the scripting language of choice for managing Macintosh computers.

sh: This is shell script as used by a Unix system.

URL: This is a URL pointing to an appropriate script.

There are three boxes you can check to customize each action:

This Action is the default Action: Check this box to make the selected Action the default for this

group of Actions. Default Actions are typically safe and simple, making it reasonable to group them for

simultaneous deployment. Include Action Settings Locks: Check this box to use custom settings and locks, including display

messages, users, execution behavior and post-actions. Click on the Edit button to bring up the Action

Settings dialog with a lock next to each item. Click on the locks to keep these values from being

changed. Include Custom Success Criteria: Check this box to use (and lock) custom criteria that will be used to

judge the success or failure of the applied action. Click on the Edit button to bring up the Action

Success Criteria dialog.

In the bottom text box, enter the actual text of the Action Script. The style will vary depending on the script type you chose in the previous section. Because they can potentially be distributed to millions of computers, it

is always wise to test and test again.

This dialog is available by clicking the Fixlet, Task or Baseline tab in the top BES Console window. Right-click

in the list panel and select the appropriate Create option from the pop-up menu.

Or select the desired Create item from the Tools menu.



Edit Baseline

The Edit Baseline dialog. Baselines are groups of Fixlet messages, Tasks and other Baselines that you wish to

execute with a single mouse-click. A Baseline could be created to group all your application patches or security

issues so that you can ensure a common operating environment. You can create a Baseline from scratch, or

clone or edit an existing Baseline.

When you select this interface, you are presented with a dialog with two text boxes at the top:

Name: Enter the name of your Baseline.

Create in site: From the pull-down menu, select the desired host site.

Beneath these data fields, there are four tabs:

Description: Create a user-readable title and description for the Baseline you wish to deploy.

Components: Specify the components, namely the Fixlet messages, Tasks and other Baselines, that

you want to group into this Baseline. Relevance: Create a relevance clause to target this Baseline to just the subset of computers you desire.

Since each component of your Baseline will have its own Relevance clause, the default Relevance is set

to TRUE.

Properties: Specify certain properties for your Baseline, including category, source, severity and date.

To create a new Baseline from scratch, select the following:

Tools > Create New Baseline

You can also customize an existing Baseline by selecting it from any Baseline list and then choosing:

Edit > Create Custom Copy

Or right-click in a Baseline list and select Create Custom Copy or Create New Baseline from the pop-up menu. Similarly, you can edit an existing custom Baseline by selecting Edit Custom Baseline from the right-

click context menu.



Edit Components Tab

The Components tab of the Edit Baseline dialog lets you specify a group of Fixlet messages and Tasks that

you wish to add to your Baseline. Click on the link to add components to group and then select Fixlets, Tasks and other Baselines to place into your group. Use the edit name link to name the group. You can place all your

components into a single group or click the add new component group link to add structure to your Baseline.

Check the box next to Use custom action settings if you want to modify the Baseline Action settings. Click on

the set action settings link to bring up the Action Settings dialog.

The components of a Baseline are copies of the original Fixlet or Task, not pointers. As such, if the underlying

Fixlet or Task should change, the Baseline may become out of sync with the original. If this happens, the

message Source Fixlet differs will show up in the component listing.

At the bottom of this dialog, there is a Find command that brings up a dialog for you to enter a search string

and options such as match whole word, match case and search direction. It will allow you to easily search

through the components of your Baseline.

There is also a Sync All Components button. This will force all of your Baseline components to sync up with

the latest versions of their sources.

To create a new Baseline from scratch, select the following:

Tools > Create New Baseline

You can also customize an existing Baseline by selecting it from any Baseline list and then selecting:


Or right-click in a Baseline list and select Create Custom Copy or Create New Baseline from the pop-up

menu.



Edit Description Tab

The Description tab of the Creation/Edit dialogs lets you describe your new or customized Fixlet, Task,

Analysis or Baseline object.

Enter the Name of the Fixlet, Task, Analysis or Baseline in the top text box. This will show up as the title of the HTML description and be displayed in the name field of the object when it is listed in the

BES Console. This is an HTML page, and you can use the text toolbar at the top to define fonts,

positioning, etc. Don't forget to select the hosting site for this object from the pull-down menu.

Enter a custom Description that will constitute the body of your descriptive message. Simply click on the description in the HTML page to modify it.

Below the Description box is the text describing the Action(s) you can attach to this Fixlet, Task or

Baseline. The Action will appear as a clickable link in the Description page. Simply click on the text to

modify it.

NOTE: For an Analysis, this link will activate the retrieval of the specified Properties. Technically, activation involves the execution of an Action, but it's a benign Action that merely retrieves a value and doesn't set anything.




Edit Fixlet Message

The Edit Fixlet Message dialog allows you to create your own custom Fixlet messages. You can create a Fixlet message from scratch or clone an existing one and customize it. To create an original Fixlet, choose Tools >

Create New Fixlet Message. You will be presented with a dialog with two text boxes at the top:

Name: Enter the name of your custom Fixlet message.

Create in site: From the pull-down menu, select the BES site you want to host it.


Description: Create a user-readable title and description for the Fixlet you wish to deploy. If you are

cloning an existing Fixlet, the original title and description will be the default. This is an HTML page, and you can use the toolbar at the top to alter fonts and formatting.

Actions: Specify the action(s) for your custom Fixlet to execute.

Relevance: Create a relevance clause to target this Fixlet to just the subset of computers you desire. For a cloned Fixlet, the original relevance clause will be the default. You can replace or modify the

relevance clause to suit your network needs.

Properties: Specify certain properties for your Fixlet, including Category, Download Size, Source,

Severity and Date.

To create a new Fixlet message from scratch, select the following:



Tools > Create New Fixlet Message

You can also customize an existing Fixlet message by selecting one from any Fixlet list and then selecting:


Or right-click in a Fixlet list and select Create Custom Copy or Create New Fixlet Message from the pop-up

menu.

Edit Properties Tab

The Properties tab of the Creation/Edit dialogs lets you assign certain important properties to your new or

customized Fixlet, Task or Baseline object, including:

Category: There are many categories you can file your Fixlet, Task or Baseline objects under, including the standard ones such as Setting, Update, Support and more. If you wish, you can create new

settings for your particular installation as well.

Download Size: If a download is associated with your Fixlet, Task or Baseline, you can enter the size here. This will allow you to sort, filter and keep track of the bandwidth requirements of your various

custom-designed objects.

Source: This is the source of the Fixlet, Task or Baseline. For a custom object, this is typically a name

chosen by the BES Administrator, usually Internal. Source ID: This is an ID associated with the source described above. For an Internal source, the ID is

typically blank.

Source Release Date: Enter the release date of this Fixlet, Task or Baseline so you can manage these objects by age.

Source Severity: Enter the severity of the Fixlet, Task or Baseline, typically from a list including Low,

Moderate, Important and Critical. CVE ID: Enter the ID for the Common Vulnerabilities and Exposures standard, if any.

SANS ID: Enter the ID for the System Administration, Networking, and Security standard, if any.






Edit Relevance Tab

The Relevance tab of the Creation/Edit dialogs lets you create a relevance expression that will fine-tune the

deployment of your custom Fixlet, Task, Analysis or Baseline object. There are several ways to specify the

desired set of computers:

All computers: Include all the networked BES Clients for this Fixlet, Task, Analysis or Baseline,

regardless of relevance.

Computers which match [any/all of] the condition[s] below: This option lets you specify a condition

that must evaluate to true before the computer will trigger the Fixlet, Task, Analysis or Baseline. If there is more than one condition, this option will include a pull-down menu allowing you to use any or

all of the conditions listed. Three fields are used to define a condition:

The retrieved property: select a property from the pull-down list containing dozens of pre-defined retrieved properties. Note that there are two other options at the top of this list.

Select Relevance Expression from the top of the list, select is true or is false from the

relationship pulldown and then click the Edit Relevance button to define a custom relevance expression to base your group on.

Select Group Membership from the property list, select the desired membership

option and then select a manual group from the pull down list to the right.

The relationship: select from the four available comparison operators: contains, equals, does not contain and does not equal.

The value: Enter a value that will be compared to the value of the retrieved property. If the

comparison is true, the Baseline will become relevant on the specified computer.

For instance, to create a group that will automatically enlist Windows computers, enter OS

contains Win. There are two buttons used to edit the list of conditions:

Plus (+): Click this button to add a new condition to the list. When there are two or more

conditions, notice that the radio button above will include a pull-down menu allowing you to

trigger on any or all of the conditions in the list.

Minus (-): Click this button to delete the condition associated with it. Computers on which the relevance clause below is true: Click this button to enter a custom

Relevance expression that will be evaluated on each BES Client. A relevance expression is a small

script that takes advantage of thousands of BigFix Inspectors to examine all aspects of a client computer. If the relevance expression evaluates to true, the Fixlet, Task or Baseline becomes relevant to

that particular client and the BES Console will reflect that status. A complete discussion of relevance

expressions is beyond the scope of this documentation. For more information, refer to the BigFix

Relevance Language Reference and the various BigFix Inspector Guides. For some instructive

examples, make custom copies of BES Support Fixlets and examine their relevance statements.

This dialog is available by clicking the Fixlet, Task, Analysis or Baseline tab in the top BES Console window.

Right-click in the list panel and select the appropriate Create option from the pop-up menu.




Edit Script Element

The Edit Script Element dialog lets you create a small script to accompany a new or custom Fixlet, Task,

Baseline or Analysis. Enter the text of your action, and click OK. For more information on Action scripts see

the BigFix Action Language Reference.

This dialog is available whenever you create a new or custom Fixlet, Task, Baseline or Analysis. In the

description tag, enter the text you desire, and then from the toolbar at the top, insert the Script icon . This

will bring up the Edit Script Element dialog.

Edit Settings for Computer

The Edit Settings for Computer dialog allows the BES Console operator to alter the settings for a selected

computer. (For more settings, or to apply settings to multiple computers, see Edit Computer Settings).

Locked. Check this box to lock the computer.

Assign BES Relays Manually. Relays can be automatically assigned. Uncheck this box to select

automatic discovery (the recommended setting). If you want to manually specify a particular relay for

this BES Client, check this box and select the desired relays from the pull-down menus below. Primary Relay Server: Select the name of the primary BES Relay from the pull-down menu.

The selected computer will now point to this relay for Fixlet downloads instead of connecting

directly to the BES Server. Secondary Relay Server: Select the name of the secondary BES Relay from the pull-down

menu. If the primary relay is unavailable, then this secondary relay will take over the job of

providing Fixlet downloads.



Custom Settings: This list box contains custom named variables that can be assigned to each computer. This is

a valuable technique for organizing a network of computers, and can help to identify individual computers as

well as groups. This data in the value column is editable simply by clicking in the fields and entering data.

Name: This column contains the assigned custom variable names, e.g., "depts." Value: This column lists the values of the named variables, e.g., "human resources."

Site: As applied by the BES Console Operator, these named variables are a part of the "local" site.

These variables may also be set by other Fixlet sites, in which case their site name will show up here.

There are three buttons to the right of the list:

Add: Click this button to add a new custom variable to the list.

Delete: Click this button to delete the selected variable from the list. Edit: Click this button to edit the selected named variable. This places the cursor in the value field of

the chosen setting for editing.

Finally, there is a More Options button at the bottom of the dialog, that expands on these functions and opens

up the Edit Computer Settings dialog.

This dialog is available by selecting the Computers tab, right-clicking on a single computer and selecting Edit

Computer Settings from the pop-up menu.



Edit Computer Settings

The Edit Computer Settings dialog allows BES Console operators to change certain computer attributes on a

single or specified set of computers, including locking, making the client a BES Relay, pointing to BES Relays

and creating custom settings.

There are five tabbed dialogs on this screen to target and customize the settings for a selected group of BES

Clients:

Settings: Displays a group of controls to edit computer settings, such as the locked status, relays, and

custom variables.

Target: Displays a filter/list of computers that can be edited, filtered, sorted and grouped for specifically targeted settings.

Execution: As with other Actions, you can limit the activation of the settings to any desired schedule,

keeping in mind that the Action may take some time to deploy. Once applied, the settings will remain until removed. You can also specify certain user interactions and add extra targeting based on the

contents of retrieved properties.



Users: Allows you specify whether or not you want a user to be logged on before activating the

settings.

Messages: Allows you to issue a message to the BES Client before activating the settings.

When multiple computers are selected, this dialog is available by right-clicking and selecting Edit Computer

Settings from the pop-up menu (or select Edit Computer Settings from the Edit menu).

Edit Task Message

The Edit Task Message dialog allows you to create a Task from scratch or clone an existing Task and

customize it. To create an original Task, choose Tools > Create New Task Message. You will be presented

with a dialog with two text boxes at the top:

Name: Enter the name of your custom Task.

Create in site: From the pull-down menu, select the BES site you'd like to host this Task.


Description: Create a user-readable title and description for the Task you wish to deploy. If you are

cloning an existing Task, the original title and description will be the default. This is an HTML page,

and you can use the toolbar at the top to alter fonts and formatting.

Actions: Specify the action(s) for your custom Task to execute. Relevance: Create a relevance clause to target this Task to just the subset of computers you desire. For

a cloned Task, the original relevance clause will be the default. You can replace or modify the

relevance clause to suit your network needs. Properties: Specify certain properties for your Task, including Category, Download Size, Source,

Severity and Date.

To create a new Task from scratch, select the following:

Tools > Create New Task Message

You can also customize an existing Task by selecting it from any Task list and then choosing:


Or right-click in a Task list and select Create Custom Copy or Create New Task from the pop-up menu.

Enter Private Key

The Enter Private Key dialog requests a password. Type in the publisher password that you were given by

your BES Site Administrator. This dialog is displayed whenever an action is deployed, in order to assure that

only authorized personnel are allowed to update computers on the network.



Execution Tab

The Execution tab can be found in the Action dialogs. It lets you constrain the schedule and deal effectively

with failed or reverted Actions. This dialog also allows you to distribute the Action over a period of time,

helping you to balance your network load.

The Constraints section of this dialog lets you schedule actions and restrict the target computers:

Starts on [date] [time]: Check this box to define a date and time when the Action can first be executed.

Ends on [date] [time]: Check this box to define a date and time when the Action should expire.

Run between [time] [time]: Check this box to define a block of time when the Action can be run. Run only on [Sun,Mon,Tue,Wed,Thu,Fri,Sat]: Select specific days of the week to run the Action.



Run only when [Property] [Operator] [Value]: Check this box when you want to filter the BES

Clients by their retrieved properties. Select a Property and an Operator from the pull-down menus, then

select a value for comparison. The value entered must form a valid relevance expression.

The Behavior section of this dialog lets you deal with failed Actions and recurrent relevance. The BES Client can retry any Action that is unsuccessful. It can also reapply any Action that succeeds and then subsequently

fails. Among other things, this allows you to implement continuing policies while distributing the execution of

the Actions over time to minimize the network load:

On failure, retry XX times: Check this box to retry the action in case of a failure. If an action fails, it

may be that the user dismissed it or that the computer crashed or was otherwise unable to execute the action. Select a number of retry attempts (the default is 3). and then select a condition for trying again

from the choices below:

Wait XX between attempts: This button lets you select a period of time to wait before retrying the action (the default is one hour).

Wait until computer has rebooted: Select this button to wait until the BES Client reboots

before trying to execute the action again.

Reapply ths action. Check this box to keep reapplying this action as a policy.

whenever it becomes relevant again: Reapply the action whenever the relevance expression evaluates to true.

while relevant, waiting XX between reapplications: Instead of immediately reapplying the

action upon relevance, specify a period to wait between attempted reapplications. Limit to XX reapplications: Continue to apply the action the given number of times, as long

as it is still relevant. This limits a BES Client to a certain number of attempts (the default is 3)

before quitting. Note that this counts as the number of attempts after the original, so a limit of 3

will actually involve 4 attempts. Note that if an action becomes repeatedly relevant, it might be

a sign that a client computer needs special handling.

Distribute over MM minutes to reduce network load: By checking this box, you can force the

BigFix program to space out the execution of actions. This can be useful to reduce the load on the

network in the case of bandwidth-intensive actions (such as large downloads). It is especially useful for

allowing BES Relays to effectively service hundreds of attached BES Clients.

Run all member actions of action group regardless of errors: If this Action is a member of an

Action group, you can check this box to ensure that an error won't stop any subsequent Actions. Note

that this option is only available when you have selected multiple actions.


Take Action, Take Multiple Actions, Action Settings and Edit Computer Settings.



Find

You can find information in any of the lists (Fixlets, Tasks, Actions, etc.) whenever the focus is on that list. For

instance, to find a particular word in the Fixlet list, click on the Fixlet tab and press Ctrl-F (or select Find from

the Edit menu).

A dialog pops up that allows you to enter a word or phrase to search for. Typically, the form of the dialog is:

{field} {operator} {search string}

For instance, to find all the non-Windows computers in your network you would select the Computers tab, press

Ctrl-F and then use the dialog box to form the following search string:

OS does not contain Win

Where "OS" is the field, "does not contain" is the operator and "Win" is the search string.

You can Save your search filter and retrieve them using the pull-down menu at the top of the Find dialog.

Because Fixlets, Tasks and Analyses can be hidden, the search dialog includes extra information about the

visibility of those items. This allows you to search through these items depending whether they are Visible,

Locally Hidden or Globally Hidden.

This dialog is available by selecting one of the main tabs (Fixlet Messages, Tasks, Actions, etc.) to establish the

focus, then pressing Ctrl-F or selecting Find from the Edit menu..



Fixlet Document

A Fixlet document is displayed in the bottom window of the BES Console when you open a message from any

Fixlet list. You can do this by double-clicking the Fixlet message or right-clicking and selecting Open from the

pop-up menu.

At the top of the Fixlet document you'll find the Fixlet name, the site name, how many computers are affected

and how many actions are open.



There are several tabs in a Fixlet document. They include:

Description: An HTML page describing the Fixlet and a set of Actions (implemented as links) that are

designed to address the problem described. You can search any of the HTML interfaces in BES by

pressing Ctrl-F and then entering your search string. Details: An HTML page describing the Properties, Relevance clauses and Action scripts behind the

Fixlet. At the bottom of the page is a text box to enter a comment that will be attached to the Fixlet

message.

Applicable Computers: Shows what subset of computers is targeted by the action.

Action History: Shows the history of any actions that have been invoked by this Fixlet message.

A Fixlet document is opened whenever you open an item in a Fixlet list. To display a Fixlet list, click the

Fixlet Messages tab.

Fixlet messages Tab

The Fixlet messages tab displays all the Fixlet messages that are relevant on your network, along with their properties, that you can select for deeper inquiry. When you click the Fixlet messages tab, you will see a

filter/list:




Select an item from the filter panel on the left to winnow the list down to a more manageable size. You can sort

the list by clicking the desired column header. Click again to change from ascending to descending order. The

column headings are:

Name: The name assigned to the Fixlet message by the author. Source Severity: A measure of how serious a Fixlet message is, assigned by the Fixlet author. Typical

values are Critical, Important, Moderate or Low.

ID: A numerical ID assigned to the Fixlet message by the author.

Site: The name of the site that is generating the relevant Fixlet message. Applicable Computer Count: The number of BES Clients in the network currently affected by the

Fixlet message.

Open Action Count: Number of distinct actions open for the given Fixlet message. Category: The type of Fixlet message, such as a security patch or update.


Source: The name of the source company that provided the Fixlet information.

Source ID: An identification number assigned to the Fixlet to relate it back to its source.

Source Release Date: The date this Fixlet message was released.


Open: Open this Fixlet message for more information in the computer document area below.


Select All: Select all the Fixlet messages in this list Globally Hide Fixlet message: Hide this Fixlet message from all BES Console operators. It will still

remain in the database, but will not be displayed on any BES Console.

Globally Unhide Fixlet message: To see or recall any globally hidden Fixlet messages, select Globally

Hidden Fixlet messages from the filter panel in the upper left of the screen. Right-click a hidden Fixlet and select Globally Unhide Fixlet message.

Locally Hide Fixlet message: Hide this Fixlet message. It will still remain in the database, but will not

be displayed on this particular BES Console. Locally Unhide Fixlet message: To see or recall any locally hidden Fixlet messages, select Locally

Hidden Fixlet messages from the filter panel in the upper left of the screen. Right-click a hidden Fixlet

and select Locally Unhide Fixlet message. Take Default Action: Fixlet messages often have a default action which can automate their

deployment. You can also highlight multiple Fixlet messages and, if they all have default actions,

automate the entire deployment.

Add Comment: Create a comment that will be attached to this Fixlet message. Edit: Bring up a dialog that lets you edit a previously customized Fixlet message.

Remove: Delete the selected custom Fixlet message from the list.

Create Custom Copy: Copy the selected Fixlet message and customize it. Export: Outputs an XML (.bes) file that can be shared with other users.

Add To New Baseline: Adds the selected Fixlet message to a new Baseline.

Add To Existing Baseline: Adds the selected Fixlet message to an existing Baseline.

Create New Fixlet message: Create a custom Fixlet message from scratch.



To learn more about a Fixlet message, double-click it from the list or right-click and choose Open from the

pop-up menu. That will bring up a Fixlet document in the work area below.

This dialog is available by clicking on the Fixlet messages tab or selecting Fixlets > View All Relevant Fixlet

messages from the Navigation Bar.

Help for the BES Console

Show the help files for the BES Console. These online files provide a tutorial, a description of the program and

a full-text search capacity.


Help > Contents

Import Content

The Import Content dialog allows you to import .bes files that you have exported or that have been sent to you

by another operator.

Bes files may contain groups of Fixlet messages, Tasks, Actions or Baselines. The interface displays a list of

these objects, showing their title, type and in which site they will be created.



In addition there are these options:

Edit: This button allows you to edit the objects contained in the exported file. First, select a single

object from the list and then click this button. An edit window opens, allowing you to change the

content of Fixlet messages, Tasks, Baselines or Actions. You can also open an object for editing by double-clicking it.

Open documents after creation: Check this box to automatically open the objects for viewing after

they are imported and added to the site.

Create in site: This pull-down menu allows you to send the entire group of objects to the site of your

choosing.

This dialog is available by selecting Import from the File menu.

Launch Web Reports

The Web Reports dialog provides access to network information which is collected from various BES Servers

and aggregated into a set of HTML reports. These include summaries of the history and status of Fixlet messages and Actions across extended networks of computers. These reports can be used to track software

deployments and compliance across a global network of independent LANs.


Tools > Launch Web Reports or Launch Web Reports from the Navigation Bar.

Main Console Window

The Main Console window for the BigFix® Enterprise Suite (BES) has a Navigation bar at the left to grant

one-click access to most of the BES Console features. Users who are short on screen space may wish to dismiss this window by clicking on its close box. You can reopen the window by selecting Show Navigation Bar from

the View menu.

To the right of the Navigation bar, you'll see an upper panel with several tabs and a document window below

that to expand upon each of these key elements of the BigFix system. To operate the Console, just click one of the tabs and then double-click an item from the resulting list. That will open a document in the bottom window

with more detailed information about the selected item.

Main Tabs: Fixlet Messages: Displays a list of Fixlet messages that are relevant on the various BES Client

computers on your network. Tasks: Displays a list of Tasks that are relevant on the various BES Client computers on your

network.

Baselines: Displays a list of Baseline Fixlet messages and Tasks that have been conveniently grouped for one-click deployment.

Actions: Displays a list of the Actions that have been or are currently running across your

network.

Computers: Displays a list of the BES Client computers on your network, along with several useful properties retrieved from those computers.



Computer Groups: Displays a list of grouped computers. These groups may be assigned

manually or automatically.

Analyses: Displays a list of the Analyses available for your network. Console Operators: Displays a list of authorized BES Console operators.

Unmanaged Assets: This optional tab displays a list of assets that are not directly under the

control of the BES Console.

Filter Panel: This set of documents and folders contains specific field values that you can use to narrow down the list panel on the right. For instance, after clicking the Fixlet Messages tab, you might

select a category such as All Relevant Fixlet Messages then open the Source Severity folder and

select Critical to filter the list down to critical Fixlet messages only. List Panel: This is the main listing, as filtered by the filter panel (above). You can sort the list by

clicking on the column headers. You can also rearrange the headers by dragging them left or right.

There may be a pop-up menu when you right-click one of the headers. If so, it will contain a list of all the possible fields for you to select or deselect at will.

Right-click Menu: This is the context menu that shows up when you right-click any item in a

list. Each different list has a unique context menu.

Document Area: Below the tabbed area is a document window. When you double-click an item from any list, it will open a detailed document in this area. Although the interface is similar for each of the

main tabs described above, the following discussion concentrates on Fixlet messages:

Document tabs: Each type of document has a unique set of tabs to go along with it. Fixlet Message: If a Fixlet message is opened from the list, the Fixlet document will explain

the issue in plain English.

Action Button: A Fixlet document typically contains at least one Action, represented by a link

or button. Click it to deploy the action across your network.



Below is a screen shot from a typical session. The Fixlet Messages tab is selected, and the user is viewing a

message opened from the list panel:

Filter Panel Main Tabs List Panel Right-click Menu

Navigation Bar Action Button Document Tabs Fixlet Message

Manage Properties

The Manage Properties dialog contains a list of computer properties that are retrieved on a regular schedule from each BES Client. This allows the Console operator to monitor specific aspects of all managed clients.

These properties can also form the basis of the client filters (and column headers) in the BES Console whenever client computers are listed. In addition, these properties can be used to target computers for Fixlet messages or

actions.

There are several properties listed as defaults in the top panel, but if you are a Master Operator, you can add to

these (and delete others) by using the buttons on the right:



Add New: To add a property, click this button, and the bottom part of the dialog becomes editable.

Supply a name (that will be used for filtering and sorting) and then fill in a Relevance Expression in the

text box below. Delete: To delete a property, highlight it in the list and then click this button.

Make Custom Copy: You can clone and customize any property by selecting it in the list and then

clicking this button.

Export: To export a property as an XML (.bes) file for sharing with other users, click the button and

then specify a filename for export.

Below this panel are two text fields. They display the existing property name and relevance expression. For

reserved properties, these fields are display-only. Many of the properties, however, are available for editing.

Name: Displays the existing name of a property, or allows you to enter a name for a new Property. If

you make this name available, it will be integrated into the interface for filtering, sorting and targeting. This field also allows you to rename a property.

Relevance: This text box displays the relevance expression that is evaluated to produce the retrieved

property.

For each of these properties, there is an optional evaluation period:

Evaluate: Choose a time period, from 5 minutes to a month, when this Property will be evaluated. You

may wish to set a long period for time-consuming property evaluations or a short period for more

urgent properties. The default is Every Report, which revaluates the properties with each report.

NOTE: Some of the properties (such as the IP Address and the relay status) are essential to the proper functioning of the BES Console. They are marked as Reserved, and may not be renamed or deleted.

This dialog is available two ways:

Tools > Manage Properties...

Right click in the column header of any BES Client computer listing and select Manage Properties...



Manage Sites

The Manage Sites dialog brings up a list of the current set of Fixlet site subscriptions. There are several buttons

to the right of this list:

Add External Site: To add an external site, click this button. It will bring up a Windows Open dialog, and let you subscribe to a Fixlet site by selecting its masthead. These mastheads are usually saved in a

masthead folder.

Create Custom Site: To create your own custom site, click this button. It will bring up a dialog so you

can assign a name to the site. Click OK to bring up a Site Properties dialog for you to fill out. Remove Site: Click this button to unsubscribe from the selected Fixlet site. Note that you can't delete

the BES Support site, because it is needed to upgrade and manage licensing issues in the BES system.

Properties: Click this button to view the properties of this site.

Gather All Sites: This button forces an update of all the Fixlet sites.


Tools > Manage Sites...

Manual Computer Groups

This dialog allows you to manually group your computers so that you can target them appropriately. To choose

the computers you wish to group, select them from the list over the Computers tab. Right click and select Add

to Manual Group. In the dialog that pops up, you can add these computers to a pre-existing group, or define a

new one. There are two buttons to select from:

Add the selected computers to the group selected below: Click on the desired group and click OK.

Add the selected computers to a new group named: Type in a new group name and click OK.

NOTE: A computer can belong to more than one group. You may also define groups automatically, by using

properties or Relevance statements to indicate their group status.

This dialog is available by selecting computers from the computer list, right-clicking and selecting Add to

Manual Group from the pop-up menu.



Messages Tab

The Messages tab can be found in various Action dialogs. Ordinarily, the BES system applies actions in the

background, without bothering any end user who may be present. There are, however, occasions in which the BES Console operator might prefer that the action be taken only with end-user involvement. The Message tab

in the Take Action dialog box allows the operator to alert the user with a specific message, and to offer certain

interactive features on the message display, including the ability to see more information about the proposed

action and to cancel the proposed action.

Display message before running action: Check this box if you want to deliver a message to the BES Clients before running an action. When this box is checked, other boxes are opened for modification:

Message Title: Type a title line for your message.

Description: To prepare the user, enter a description of the forthcoming Action in this text box. Ask user to save work: Check this box to include a prompt asking users to save their work

before the Action is invoked.

Allow user to view action script: Check this box to allow the user to look over the script before accepting the Action. Note that this option is disabled in the Take Multiple Action

dialog.

Allow user to cancel action: Check this box if you want to grant the user the right to cancel

the action.

Set Deadline: The following two radio buttons allow you to extend the user a grace period after the Action becomes relevant. This can give them time to prepare for an upgrade. The deadline can be

relative or absolute:

[time period] from time action is relevant: Click this button to grant the user a specified

grace period starting at the moment the Action becomes relevant. [date] at [time] client local time: Click this button to specify a specific date and time to serve

as the Action deadline.

At deadline: When the deadline arrives, these options are available:

Run action automatically: Click the button to cause the Action to run automatically when the

deadline arrives.

Keep message topmost until user accepts action: Click this button to keep the message on

top until the user clicks to accept the Action.

Confirmation message: When the user accepts an action, you can issue a message:

Show confirmation message before running action: Check this box if you want to display a

final confirmation message to the user before executing the Action.

Display message while running action: You can add a separate message to be displayed while the

action is running. Check this box and then enter the title and your message in the text box below.


Take Action, Take Multiple Actions, Action Settings and Edit Computer Settings.



Modify Site Subcriptions

The Modify Site Subcriptions dialog lets you subscribe or unsubscribe any specified group of computers to

any of your custom sites.

This dialog is available by right-clicking on an item from any Computer list and selecting Modify Site

Subcriptions from the context menu.

Navigation Bar

The Navigation Bar provides a shortcut to the most-used BES functions. These are arranged in menu blocks on the left side of the screen with titles like Fixlets, Tasks, Wizards, etc. You can minimize any menu by clicking

the arrow icon at the right side of its title line.

If your monitor is too small to comfortably view the BES Console with the Navigation Bar, you can dismiss it.

Simply click on the close icon in the upper right corner of the bar. You can reinstate the Navigation Bar at any

time by selecting Show Navigation Bar from the View menu.

Offer Tab

The Offer tab can be found in various Action dialogs. It lets you advertise a list of Actions (typically optional

patches or updates) to the BES Client user. They can then choose the Actions they desire from the offering list.

Offers are limited to BigFix version 7.0 Clients or better.

Make this action an offer: Check this box to advertise the given Action to users. When you check the

box, the interface opens up to enter more details about the offer:

Title: Enter a descriptive title for your Action here. Remember that this advertisement is being

presented to end-users who will need a clear and simple description in order to take advantage of the

offer. Category: Enter a category for this offering. This is a user-defined field, and you can use any scheme

that makes sense to your particular BES deployment.

HTML box: Use this box to customize the HTML that will be presented to the end user. Enter a

description of the action in the box provided. You can customize this HTML with fonts and styles.


Take Action, Take Multiple Actions and Action Settings.



Post-Action Tab

The Post-Action tab can be found in various Action dialogs. It gives the BES Console operator the choice of

restarting or shutting down the client computer after the Action has completed.


Do Nothing after action completes: This is the default -- after execution, simply resume normal operation.

Restart computer after action completes: Many actions require a restart to complete the remediation.

The Options here include user cancellation and postponement. You can also specify a title and a

message to be displayed to the user. Shutdown computer after action completes: You may need to shut down the computer after the

application of the action. As above, you can also specify a title and a message to be displayed to the

user.

If you select either of the last two options above, the bottom panel becomes available for editing:

Message:

Message Title and Text: Use these text boxes to create a message that will be delivered to the end

user, explaining what's about to happen (restart or shutdown) and what their options are. Allow user to cancel restart/shutdown: This gives the user a dialog box so that they can cancel out of

the proposed restart or shutdown.

Set deadline: This gives the user the option to delay the restart/shutdown for the specified period of time (from fifteen minutes to thirty days) after the completion of the Action. Typically, restarts are

needed to complete an installation, so they should not be put off for long.

At deadline: Click one of these buttons to specify what the deadline action will be. You can choose to automatically restart or shutdown, or to keep a dialog box on the screen until the user is ready

(presumably after saving their work).


Take Action, Take Multiple Actions and Action Settings.



Post-Execution Tab

The Post-Execution Action Script tab of the Take Multiple Actions dialog lets you create an action script that

will execute after the chosen set of Actions is run. Among other possibilities, this allows you to track the Action

deployments using your existing control systems. There are two buttons in this dialog:

Do not run a custom action script after executing this multiple action group : This is the default for

most multiple Fixlet actions.

Run the following action script after executing this multiple action group: If you want to create a

custom action script when you deploy this action, select this button, and the following two items will determine the course of the action.

Action Script Type: The type of action script you want to use for this script. Some of the

options include: BigFix Action Script: This is the standard scripting language for BigFix actions.

AppleScript: This is Apple's scripting language for controlling computer resources.

sh: indicates that the action is a shell script, intended to be run by a linux / unix / bsd shell.

URL: specify a URL pointing to a post-execution script.

Action Script: Type your post-action script into this text box. Scripting is powerful and can

have huge ramifications. Make sure to test your action on a small scale before you deploy it on

your entire network!

This dialog is available by selecting multiple Fixlet messages from any Fixlet list, then selecting Take Default

Action from the right-click menu.

You can also arrive at this dialog by selecting Baseline Actions.

From the Take Multiple Actions dialog, select the post-Execution Action Script tab.



Pre-Execution Tab

The Pre-Execution Action Script tab of the Take Multiple Actions dialog lets you create an action script that

will execute before the chosen set of Actions is run. Among other possibilities, this allows you to track the

Action deployments using your existing control systems. There are two buttons in this dialog:

Do not run a custom action script before executing this multiple action group : This is the default

for most multiple Fixlet actions.

Run the following action script before executing this multiple action group: If you want to create a

custom action script when you deploy this action, select this button, and the following two items will determine the course of the action.

Action Script Type: The type of action script you want to use for this script. Some of the

options include: BigFix Action Script: This is the standard scripting language for BigFix actions.

AppleScript: This is Apple's scripting language for controlling computer resources.

sh: indicates that the action is a shell script, intended to be run by a linux / unix / bsd shell.

URL: specify a URL pointing to a pre-execution script.

Action Script: Type your action script into this text box. Scripting is powerful and can have

huge ramifications. Make sure to test your action on a small scale before you deploy it on your

entire network!

This dialog is available by selecting multiple Fixlet messages from any Fixlet list, then selecting Take Default

Action from the right-click menu. You can also arrive at this dialog by selecting Baseline Actions.

From the Take Multiple Actions dialog, select the Pre-Execution Action Script tab.



Preferences

The Preferences dialog lets you adjust certain system-wide parameters:

Fixlet List

Refresh list every XX seconds: Controls how often the Fixlet display is updated. The default setting

causes the BES Database to be queried every 15 seconds. More frequent updates cause more network traffic, but less frequent updates increase the response time. As the BES Database increases in size, a

longer refresh rate may be desirable. In practice, 15 seconds provides a good balance between latency

and bandwidth concerns.

Client Computers

Send heartbeat every XX minutes: Controls how often the BES Client computers check in with the

BES Server to update their status. Each time a BES Client sends a heartbeat, it includes any retrieved property values which have changed. 15 minutes is the default value.

Mark as offline after XX minutes: Controls how long to wait after the last heartbeat before a

computer is declared to be offline. The default is 50 minutes.

Relevance Colorization

Modify the colors used to display relevance: Whenever Relevance expressions are viewed, the text

can be colored for easier reading. Click the Set Colors button to open an interface allowing you to

customize the color scheme.

Console Close

Prompt for confirmation before closing the console: This preference provides a yes/no prompt every

time you exit the BES Console.



Cache options

Always load data from database: If you do not wish to leave information cached on your BES

Console computer, click this option. This will cause all data to be loaded freshly from the database each

time you open the Console. Keep partial cache on disk: This option caches everything but retrieved property results. The Console

still caches Fixlet and Action results which are then written out upon exiting.

Keep full cache on disk: With this option, retrieved properties can be stored locally along with Fixlet

and Action results. The more properties you keep in the cache, the more expensive it is to maintain, so

the caching policy determines how long the Console runs before it clears items out of its cache.

Expiration policy. If you have selected the full caching option above, you must also set an expiration

policy to periodically purge the cache:

Aggressive: This policy purges unused data rapidly, purging any items that were not accessed

in the previous Console session. Moderate: This policy is intermediate between aggressive and conservative.

Conservative: This policy allows data to remain for a long time between purges, whether or

not is has been recently accessed.

Clear Cache: Clear the current cache when the BES Console is next run.


File > Preferences

Presentation Debugger

The Presentation Debugger dialog lets you write a Relevance Expression and test it. You can enter the expression as straight text, HTML or Presentation (XML) style. There are some buttons attached to this dialog,

although they may differ depending on the context of the dialog:

Cancel: Available when the debugger is called from a Wizard tool, this button lets you cancel the

insertion of the Wizard.

Insert: Also available when the debugger is called from a Wizard tool, this button lets you insert the Wizard icon into a custom Fixlet, Task, Baseline or Analysis.

Open File: Brings up a File Open dialog to import an existing Relevance statement or Wizard file.

Evaluate: Click this button to evaluate the specified Relevance statement. The results will appear in the

box below.

You can attach a Site ID and a Fixlet ID to your expression as well, using the appropriate text boxes.

This dialog is available whenever you create a new or custom Fixlet, Task, Baseline or Analysis. In the

description tag, enter the text you desire, and then from the toolbar at the top, insert the Wizard Hat icon .

This will bring up the Presentation Debugger dialog.



Recent Comments

This dialog presents a list of comments that have been attached to Fixlet messages, Tasks, Baselines, Actions

and Computers. It compiles all the Comments from each of these interfaces for viewing in one spot.

You can view the current comments by selecting Tools > View Recent Comments.

Results Tab

The Results tab of the Analysis document displays a list of targeted computers and the results of the analysis

for each one. The format of this display depends on the selected View, either list or summary.

When viewed as a list, each specified retrieved property has a corresponding header and the value of each property is displayed beneath it. If there is more than one value for a property, then <multiple results> is

displayed. You can sort this list by the headers or use the folders in the left-hand panel to filter the results. This

allows you to manage large sets of computers by their retrieved properties.

When viewed as a summary, each property has its own section, with response counts and percentages for each

value of the property.

This dialog is available whenever you select an activated Analysis from an appropriate list.

Settings Tab

The Settings tab of the Edit Multiple Computer Settings dialog allows the administrator to apply certain

settings to multiple targeted computers, including locking, relays and custom variables. It includes the following

controls:

Locking Status. Check this box to either lock or unlock the targeted computers. You might wish to lock a computer because it is currently being used in program development, it is in the middle of a

lengthy process or because it is running specialized software. As long as a computer is locked, no

actions will be executed on it. Locked. Click this button to lock the computer.

Unlocked. Unlock the targeted computers.

BES Relay Selection Method. Choose an automatic or manual Relay method. Automatically Locate Best BES Relay. Select this button to automate the process of selecting

a BES Relay. This is the recommended setting.

Set BES Relays Manually. Force a manual selection of the BES Relays.

Primary BES Relay. Select a primary BES Relay. Check the box and select a computer from the pull-down menu. Any attached BES Clients will then gather Fixlet downloads from this relay rather than

directly from the BES Server.

Secondary BES Relay. Select a secondary BES Relay. Check the box and select a computer from the pull-down menu. Any attached BES Clients will then gather Fixlet downloads from this relay if the

primary relay is unavailable.



Custom Setting. This feature allows the BES Master Operator to create named variables that can be associated with the targeted computers.

Name. Type the name of a variable to be associated with all targeted computers, e.g., "department."

Value. Enter the value of the above-named variable, e.g., "payroll."

Custom Site Membership. Select custom sites for the selected computers to subscribe to (or

unsubscribe from). Subscribe to site. Select a custom site from the drop-down menu.

Unsubscribe from site. Select a custom site to unsubscribe from.

When multiple computers are selected, this dialog is available by right-clicking and selecting Edit Computer

Settings from the pop-up menu.

Site Properties

The Site Properties dialog displays information about the selected Fixlet site, including details about the Site publisher and the precise URLs from which the content has been gathered. The dialog box shows e-mail

addresses for user feedback and the recommended gather frequency. For instance, a typical Fixlet site may have

a daily subscription and be signed by both BigFix, Inc., and a software or hardware vendor.

For a non-custom site, there is typically only one tab in this dialog:

Properties: This tab displays various properties of this site, including the following:

SiteName: Name of the selected Fixlet site. Type: Types can include external and custom sites.

Organization: The name of the company that manages the Fixlet site.

From: E-mail address of the manager of this Fixlet site. Subject: A description of the Fixlet site.

Website: The website of the company that authors this Fixlet site.

BBS: The URL of a bulletin board supporting this site.

GatherURL: The URL of the Fixlet site. Update Frequency: The frequency for gathering fresh Fixlet messages from this site.

Date: A date attached to this site.

Description: A short description of the Fixlet site.



Depending on whether the selected site is custom or external, you may see some extra tabs in this dialog:

Subscription: This dialog allows you winnow the list of computers that subscribe to the chosen site. By

eliminating superfluous or irrelevant Fixlet subscriptions, you can reduce the disk-storage requirements

of your client computers. This tab is not available for custom sites. Site Owners: This is a list of the operators who are allowed to "own" the custom site. Site owners can

grant other Console operators the right to view or create site content. The default set of owners includes

all the Master Operators. Click the Add button to include any other desired operators in this list. Site

owners and Master operators are automatically added to the site writers and readers lists (below). Site Writers: This is a list of those operators that are authorized (by you or other site owners) to write

content for the site. Site writers are automatically added to the reader list (below).

Site Readers: This is a list of those operators that are authorized (by you or other site owners) to read content from this site. Console operators without reading permission will not be allowed to view the

content in this custom site, nor will they be allowed to change any of the site properties described here.

This tab is available for both custom and external sites.


Tools > Manage Sites > Select a site > Properties button

Site Readers

The Site Readers dialog lets BES Master Operators specify a subset of other operators who can access a given Fixlet site. This dialog is available to BES Master Operators and Non-Master Operators who have Site

Ownership permissions.

Not all operators need to know about all sites, and some sites may be most easily managed by a single operator,

such as the Anti-Spyware Czar. This interface lets you attach a Fixlet site to a single operator or group of

operators. You can also remove operators from this list at any time.

Note that you can't remove the Master Operator category. This is to prevent the possible confusion of being able

to edit (as a Master Operator) the visibility of a site you can't see. Thus, this interface only affects the reader

status of Non-Master Operators. By default, both Master and Non-Master Operators are selected as readers of

the given site. To edit the list of Non-Master Operators, use the three buttons at the bottom of the dialog:

Add all operators. Click this button to add all current BES Operators (Master and Non-Master) to the readers list for the selected site.

Add operator. Click this button to bring up a dialog prompting you for specific BES Non-Master

Operators. Using Ctrl and Shift, click on the set of desired readers for the given site. Remove. Click this button to delete the highlighted entries from the list above, including the entire

class of Non-Master Operators (or use Shift and Ctrl to select a specific subset of operators from the

list). Note that you can't delete the Master Operator category.


Tools > Manage Sites > Select a site > Properties button > Site Readers tab



Site Subscription

The Site Subscription dialog lets you narrow down the number of clients subscribed to the selected Fixlet site.

There may be occasions where a BES Client or a group of Clients may be receiving redundant Fixlet messages,

typically due to an overlap in site content. In addition, some BES Clients may be getting superfluous Fixlet

messages. This can happen when a Linux machine, for example, is receiving Windows Fixlets. This poses no problem to the operation of BigFix, which knows to ignore irrelevant or redundant Fixlet messages. However, it

does consume Client disk space, which is often at a premium.

To address this issue, this dialog allows you to unsubscribe selected BES Clients. Note that there are three

radio-buttons on this dialog:

Subscribe all clients to this site. This is the default for a typical subscription. Click this button to

subscribe all BES Clients to the selected site. This is how you might resubscribe a set of clients that you have previously unsubscribed.

Unsubscribe all clients from this site. Completely unsubscribe all BES Clients from the selected

Fixlet site.

Subscribe only the following group of clients to this site (pre-6.0 clients will ignore this

restriction). This option allows you to select BES Client computers using an interface similar to a

computer group definition. Any BES Client that is not a member of this defined group will be

unsubscribed from the given site. When you select this option, the Edit button at the bottom becomes

active:

Edit subscription group definition. Click here to edit the group of BES Clients that are currently

subscribed to the specified Fixlet site. This will invoke the Automatic Computer Grouping interface,

allowing you to subscribe a group of computers based on shared properties, such as Computer Names,

Client settings, operating systems, etc.


Tools > Manage Sites > Select a site > Properties button > Subscription tab



Success Criteria Tab

The Success Criteria tab of the Take Action dialog lets you define the conditions under which the action will

be considered to be successful. There are three buttons in this dialog:

Consider this Action successful when:

The applicability relevance evaluates to false: This is the default success criteria, requiring that the Relevance statement that made the Action applicable is no longer TRUE. Since the Relevance

statement is designed to notice a problem and the Action is designed to fix it, this is generally sufficient

to establish success.

All lines of the action script have completed successfully: You can make success dependent on completing the action script.

The following relevance clause evaluates to false: You may use a special Relevance clause to ensure

that the desired action has accomplished it goals.

If you choose the third option, the text box below becomes editable and you can revise the existing Relevance

clause.

This dialog is available by selecting a Fixlet message or Task from any list, then clicking an action button. From

the Take Action dialog, select the Success Criteria tab.

Take Action

The Take Action dialog is similar to the Take Multiple Actions dialog, but it is designed to issue a single

Action. When you click on an Action button, this dialog pops up, letting you specify exactly how the selected

Action is to be deployed to the computers on your network.




Preset: This is a pull-down menu with the names of your existing presets. One of these presets is

Policy, which will create an open-ended Action with no expiration date. Click on a named preset to

automatically fill out your Action settings. Show only personal presets: Check this box to limit the presets to your own personal presets.

Save Preset: After creating custom settings for an Action, you can save them for later re-use.




The body of the dialog contains several tabs, including:

Target: Lets you specify subgroups of BES Clients to target with the selected Action. You can select

computers based on retrieved properties -- including your own custom properties -- or you can supply a

list of specific computers. Execution: Lets you constrain the execution schedule and allows you to specify the retry and reapply

behavior for execution and failure.

Users: Lets you run an Action based on user presence. You can also expose specific users or groups of

users to a Client User Interface. Messages: Here you can specify some interactions that may take place with the end user before and

during the execution of the Action.

Offer: Allows you to advertise the existence of programs or patches that your networked BES Clients can opt into. This grants extra control to your users to customize their setup.

Post-Action: Lets you specify a follow-up behavior for the Action, such as a restart or shutdown.

Applicability: Lets you choose the original Action relevance or substitute your own custom relevance

expression. Success Criteria: Typically, an issue is considered fixed when the Fixlet message is no longer relevant,

meaning the problem can no longer be detected. This tab lets you use different criteria to determine

when a problem has been fixed.

Action Script: Lets you choose the original Action script or substitute your own custom script.

When you decide to execute the Action, click OK. You will need to enter your password before the BES

Console will issue the Action. When you do, a progress dialog will pop up to keep you posted on the

deployment.

This dialog is available by opening a Fixlet message from any list and then clicking on an Action button.

Take Multiple Actions

The Take Multiple Actions dialog is similar to the Take Action dialog, but is designed to issue multiple default Actions in a single group. Right-click on a selected group of Tasks or Fixlets containing default Actions,

and select Take Default Action. This dialog pops up, letting you specify exactly how the selected Actions are

to be deployed to the computers on your network.




Preset: This is a pull-down menu with the names of your existing presets. One of these presets is

Policy, which will create an open-ended Action with no expiration date. Click on a named preset to

automatically fill out your Action settings.

Show only personal presets: Check this box to limit the presets to your own personal presets. Save Preset: After creating custom settings for an Action, you can save them for later re-use.




The body of the dialog contains several tabs, including:

Target: Lets you specify subgroups of BES Clients to target with the selected Actions. You can select

computers based on retrieved properties -- including your own custom properties -- or you can supply a

list of specific computers. Execution: Lets you constrain the execution schedule and allows you to specify the retry behavior for

execution and failure.

Users: Lets you run Actions based on user presence. You can also expose specific users or groups of

users to a Client User Interface. Messages: Here you can specify some interactions that may take place with the end user before and

during the execution of the Actions.

Offer: Allows you to advertise the existence of programs or patches that your networked BES Clients can opt into. This grants extra control to your users to customize their setup.

Post-Action: Lets you specify a follow-up behavior for the Action group, such as a restart or shutdown.

Pre-Execution Action Script: Lets you specify an Action Script to execute before the group of Actions

is deployed. Post-Execution Action Script: Lets you specify an Action Script to execute after the group of Actions

is deployed.

Applicability: Lets you choose the relevance provided by the original Actions or substitute your own

custom relevance expression.

When you decide to deploy the set of Actions, click OK. You will need to enter your password before the BES

Console will issue the Actions. When you do, a progress dialog will pop up to keep you posted on the

deployment.

Right-click on a selected group of Tasks or Fixlets containing default Actions, and select Take Default Action.



Target Tab

The Target tab can be found in various Action dialogs. When an Action becomes relevant, the BES Console

operator can target a subset of users to receive the action.


Specific Computers selected in the list below. When you select this button, only those BES Clients highlighted in the computer list will receive the actions. This is the default behavior. Note that you can

filter this computer list by selecting items from the tree view in the left panel. Once you click OK, the

selection of computers in this list will be frozen -- the retrieved values will not be reevaluated before

the action is deployed. Thus, if a computer is affected by this problem in the future, it will not be covered by this option. It will trigger the same Fixlet, but will require you to target it again.

All Computers with the Retrieved Properties values selected in the tree below. This button will

cause continued evaluation of BES Client computers for relevance if they match the selected properties. Unlike the scenario described above, if a new computer is affected by this problem in the future, it will

be automatically updated. You may also filter this set of relevant computers using the retrieved property

panel on the left. Because of the open-ended nature of this function, you may want use the Execution

tab to define an expiration date. The computers specified in the list of names below. This button allows you to enter (or paste) a list of

specific computers. Format the list with computer names (as displayed in the Console), separated by

newlines.

These options grant you great power over the deployment of Fixlet actions. Think carefully about your choices here. The first button is the safest, since it describes a static set of computers that you wish to target. The second

choice is more powerful, because it will continue to evaluate and automatically deploy relevant actions, but it

could also have long-term consequences that you should consider. The third choice allows you to deploy to a

specific list of computers, for fine-grain control over your deployment.


Take Action, Take Multiple Actions and Edit Computer Settings.



Task Document

A Task document is displayed in the bottom window of the BES Console when you open a message from any

Task list. You can do this by double-clicking the Task or right-clicking and selecting Open from the pop-up

menu.

At the top of the Task document you'll find the name, the site hosting the Task, how many computers were

affected and how many Actions are open.

There are several tabs in a Task document. They include:

Description: A text version of the Task, describing the problem and offering one or more Action buttons or links to redress the issue. You can search any of the HTML interfaces in BES by pressing

Ctrl-F and then entering your search string.

Details: A list of the properties, Relevance statements and Actions that constitute the Task. Applicable Computers: Lists the subset of computers are targeted by the Task.

Action History: Shows the history of the Action deployment. This list is empty unless the Action

associated with the Task has already been triggered.

A Task document is opened whenever you open an item in a Task list. To display a Task list, click the Tasks

tab.



Tasks Tab

The Tasks tab displays all the Tasks that are available on your network, along with their properties, that you

can select for deeper inquiry. When you click the Tasks tab, you will see a filter/list:

This screen shot shows the filter panel on the left, the list on the right, and the right-click context menu.

Select an item from the filter panel on the left to winnow the list down to a more manageable size. At a

minimum you will typically want to view only Applicable Tasks. You can sort the list on the right by clicking

the desired column header. Click again to change from ascending to descending order. The column headings

include:

Name: The name assigned to the Task by the author. ID: An identifying number for this Task.

Category: The type of Task, such as a security patch or update.

Site: The name of the site that is generating the relevant Task. Applicable Computer Count: The number of BES Clients in the network currently affected by the

Task.

Open Action Count: Number of distinct actions open for the given Task.

Download Size: The size of the remedial file or patch that the action will download. Source Severity: A measure of how serious a Task is, assigned by the Task author. Typical values are

Critical, Important, Moderate or Low.

Source: The name of the source organization that provided the Task information. Source ID: A numerical ID to help track this Task back to its source. This is often left unspecified.

Source Release Date: The date this Task was released.




Open: Open this Task for more information in the computer document area below.

Copy: Copy this info to the clipboard for pasting into a text program, such as Notepad or WordPad.

Select All: Select all the Tasks in this list Globally Hide Task: Hide this Task from all BES Console operators. It will still remain in the

database, but will not be displayed on any BES Console.

Globally Unhide Task: To see or recall any globally hidden Tasks, select Globally Hidden Tasks from

the filter panel in the upper left of the screen. Right-click a hidden Task and select this menu item. Locally Hide Task: Hide this Task. It will still remain in the database, but will not be displayed on this

particular BES Console.

Locally Unhide Task: To see or recall any locally hidden Tasks, select Locally Hidden Tasks from the filter panel in the upper left of the screen. Right-click a hidden Task and select this menu item.

Take Default Action: Deploy the Action set as a default. If a Task doesn't have a default Action, this

item is grayed-out.

Add Comment: Create a comment that will be attached to this Task. Edit: Bring up a dialog that lets you edit a previously customized Task.

Remove: Delete the selected custom Task from the list.

Create Custom Copy: Copy the selected Task and customize it. Export: Outputs an XML (.bes) file that can be shared with other users.

Add To New Baseline: Adds the selected Task to a new Baseline.

Add To Existing Baseline: Adds the selected Task to an existing Baseline.

Create New Task: Open a dialog that will allow you to create a custom task from scratch.

To learn more about a Task, double-click it from the list or right-click and choose Open from the pop-up menu.

That will bring up a Task document in the work area below.

This dialog is available by clicking on the Tasks tab or selecting View > Tasks.

Unmanaged Assets

The Unmanaged Assets tab lets you monitor network assets like routers, printers and scanners. This feature lets

you import data from an external data source describing such network assets. You can view the data from within the BES Console, and you can incorporate it into BES Web Reports. In addition to peripherals, you can

monitor and identify computers within the enterprise that are currently unmanaged by BES.

The Nessus scanner is currently supported.

This dialog is available by selecting the Unmanaged Assets tab in the BES Console, if available.



Unmanaged Assets: Summary

The Unmanaged Assets Summary presents you with a list of issues that affect the selected unmanaged asset,

including network assets such as routers, switches, and printers as well as computers that are not currently

managed by BES.

When you select an unmanaged asset from the list, a dialog box opens in the lower window displaying the name

of the asset and certain key fields. Below that is a list of issues. Click on an issue to open it up. An explanation

of the issue is presented, often including links or directions for how to address the issue.

This dialog is available by selecting the Unmanaged Assets tab in the BES Console, if available. Double-click

to select an asset from the list.

Users Tab

The Users tab can be found in various Action dialogs. It allows you to fine tune the delivery of Actions based

on the presence of users. For instance, you can target long installs to just those computers where the users have

logged off, ensuring that no downtime is incurred by the install.

For installations that require user feedback, you can also expose specific sets of users to an interface. There are

three main user modes:

Run only when there is no user logged on: Execute the action only in the absence of a user. This

might be desired for long installs that might happen overnight, but only on logged-off clients.

Run independently of user presence, and display the user interface to the specified users: Execute

the action whether a user is present or not. This can be useful for critical patches or small, silent updates. You can specify a set of users (below) that will be allowed to view the BES Client interface.

Run when at least one of the specified users is logged on, and only display the user interface to

those users: Execute an Action and display a dialog only when one of the users specified below is logged on. This might be desired when the action requires feedback or intervention from specific

groups of users.

The lower section of this dialog lets you select user groups for notification and interaction:

All users: Click this button to select all users for interaction with the user interface.

Local users: Select only local NT-Vista users to interact with the user interface.

Users in the following groups: Select users from the group below to interact with the user interface. Typical groups include Local, WinNT and Win9x users. There are also some buttons to help you select

user groups:

Add Domain Group: Add an NT Domain group of users. Add Local Group: Add a local NT-Vista group to the set of users.

Add All Win9x Users Group: Add users who are logged in to Win 9x Clients.

Add All WinNT Users Group: Add users who are logged in as WinNT users.

Remove: Remove the selected user group from the list.

This tab is available from several different dialogs: Take Action, Take Multiple Actions, Action Settings and

Edit Computer Settings.



View Action Info

The View Action Info dialog displays information on a specific action for a given computer.

Title: Shows the title of the Fixlet or Task containing the Action.

Computer name: The name of the selected computer.

Summary: A summary of the Action deployment for this computer.

This dialog is available from any Action document in the bottom panel. Select the Computers tab, right-click

on a computer and select Show Action Info from the pop-up menu (or select Show Action Info from the Edit

menu). You can also see this information listed in the Action History tab of any Computer document.

View Web Reports

The View Web Reports dialog provides access to network information which is collected from various BES Servers and aggregated into a set of HTML reports. These include summaries of the history and status of Fixlet

messages and Actions across extended networks of computers. These reports can be used to track software

deployments and compliance across a global network of independent LANs.

When the servers have aggregated the various databases, the Launch Web Reports button becomes active.

Click it to continue on to the Web Reports program.


Tools > Launch Web Reports or Launch Web Reports from the Navigation Bar.

Visualization Parameters: Colorization

The Colorization tab of the Visualization Parameters dialog lets you customize the colors for a graphical

representation of your network. This tab offers four different ways to color the data:

No colorization of computers: Select this option to have every computer displayed as white.

Colorize computers by Retrieved Property: Select the colors of the BES Client computers based on the specified retrieved property.

Colorize computers by Action Status: Base the colors of the computers on the current status

(completed, open, expired) of a specified action. Specify the desired Action in the filter/list box below. Colorize computers by Fixlet Message Relevance: Color each computer based on the Relevance

(applicable or non-applicable) of specific Fixlet messages. Specify the desired Fixlet message in the

filter/list box below.

Colorize computers by Baseline Relevance: Color each computer based on the Relevance (applicable or non-applicable) of specific Baseline groups. Specify the desired Baselines in the filter/list box

below..

Colorize computers by Relevance Clause: Color each computer based on a Relevance Clause, as

specified in the text box below.




Tools > Launch Visualization Tool > Colorization

Visualization Parameters: Computers

The Computers tab of the Visualization Parameters dialog lets you limit the number of computers to be

graphed:

Show all computers in visualization: This is the default option, allowing all BES Clients to be

displayed Show only selected computers in visualization: This option brings up a computer filter/list allowing

you to specify any subset of computers in your network by retrieved properties or groupings.


Tools > Launch Visualization Tool > Computers

Visualization Parameters: General

The General tab of the Visualization Parameters dialog helps you to customize a graphical representation of

your network. There are several ways to represent the data:

Use BES Relay structure: Display the network tree from the BES Relay point of view. This is the

default view.

Use Active Directory Structure: Use the Active Directory to map out the network tree for

visualization. Use IP Address Structure: Use the IP architecture to map out the network tree.

Use Retrieved Property Path Structure: Use standard or custom properties of the client computers to

map out a custom network tree. If you select this option, you must specify the desired path-style property from the section below:

Path Retrieved Property: This pulldown menu lists the available BES Client properties.

Select one of these to define the network graph. A path-style property has a separator string to delimit the parts of the path. For instance, if you use an IP address as a path, you would select a

period as a separator. Another example is an actual directory path, where the delimiter is a

backslash. You can also create your own custom paths by concatenating fields with your own

chosen separator. Path Separator String: Enter the delimiter you want to use to parse the path specified above.

For instance, to create a hierarchy from a directory path, use '\' as a separator string..

Reverse Path Hierarchy: Check this box if your chosen path-style property has the most significant part on the right instead of the left.

Use first result if the computer has more than one result for this retrieved property: Many

properties return a list, rather than a single item. These values can be ignored, or you can check

this box to have the first element in the list used for the network map. Group computers with the same retrieved property value: This option will create easy-to-

visualize groups from computers sharing the same property.



Show labels on leaf nodes: Check this box if you want to display labels next to the computers at the

leaf nodes of the network tree.


Tools > Launch Visualization Tool...

Visualization Tool

The BES Visualization tool allows administrators to view and manipulate data from their network. You can

display network locations, relay hierarchies, Active Directory domains and other administrator-defined

hierarchies.

The tool makes it possible to view a real-time graphical network map showing Fixlet message status, Action

status, Retrieved Property information and much more. For instance, you could view all computers that are

currently unpatched for a specific Fixlet across your enterprise, and watch the clients change from red to green

as the patch is propagated.

This dialog allows you to load and save your preset preferences, so you can customize individual views of your

network. The presets are managed with a simple interface:

Preset: Select a preset from this pull-down menu of previously-defined preferences.

Show only personal presets: Check this box to filter down the list of presets to just those you have

personally created. Save Preset: Click this button to save the current set of preferences as a named preset. You can choose

to make your presets private, or you can share them with other BES Operators.

Delete Preset: Deletes the currently selected preset.

Below the Preset interface, there are three tabbed areas:

General: Describe the network hierarchy according to the specified structure. Colorization: Set up a coloring scheme for the display.

Computers: Select all computers or a specified subset.

Click OK to run the Visualization tool with these values.


Tools > Launch Visualization Tool



Web Reports

Overview: to see important metrics of your BES installation, including Fixlet messages, actions,

computers and vulnerability. Reports: to view previously saved reports.

Create: to create new reports.

Schedule: to automatically generate reports on a specified timetable.

Email: to establish your email SMTP server and domain. Users: to list and add users to those who have permission to log into Web Reports.

Database: to view and check the connection status of the BES database.

The Web Reports interface is HTML and is viewed with your browser. This means you can get information and

reports on your network from any Internet connection, anytime.

You can look at the data in the BES database from several different points of view and save or print the output for inventory or audit purposes. You can export the reports for further manipulation in a spreadsheet program.

You can also import or download summary reports specially prepared by BigFix or your own IT department.

Web Reports starts up with a graphical overview of all the issues affecting your network. You can see at a

glance how your remediation and policy enforcements are proceeding. At the top of the screen, there are several

options for manipulating and viewing reports. These include:

On the left side of the screen there are some quick-select panels for Current Reports, Favorites and Recent

History. There are several options listed in the Current Report panel, including the ones listed below:


this pull-down to create and manage filters as well. o Configure Report. Allows you to sort and summarize the data.

o Store Report. Saves your report to a public or private space.

o Export to CSV. Creates a comma-separated value (CSV) list which can be read into a

spreadsheet. o Printable Version. Reformats the report for printing.

o Email Report. Allows you to email the report. You must set up your email connection (from

the Email tab) before this option will appear. Favorites. Lists your current favorite reports Simply click on one to run the report.

Recent History. Contains a list of the previous Web Reports activity. Click on one to return to that

task.

BES Web Reports can be viewed at any time by selecting Start > Programs > BigFix Enterprise > BES Web

Reports from the desktop.

Within the BES Console, select Tools > Launch Web Reports or Reports > Launch Web Reports from

Navigation bar.



Web Reports: Create

The Create section of Web Reports allows you to create your own custom reports. You can choose from some

basic report categories, and then customize the report by sorting and setting summation fields. The basic

categories include the following:

Computer: There are two options here: Computer Properties: this is a list of computers and their properties. You can sort the list by up to

three property fields. You can group the resulting table by database or the group they reside in. You can

sum over all those computers with a given property. You can also include Fixlet information on a

computer-by-computer basis. All Computers: simply a list of all networked computers. You can filter this list by the name of the

computer.

Retrieved Property: Create a report that sums over any single computer property (such as OS), and display the results graphically. You can customize this report by selecting the kind of graph you want to

use, the color scheme and the maximum number of values you want to chart.

Analysis: simply a list of all Analyses. You can filter this list by the name of the Analysis.

Fixlet: There are several options here: All Fixlets: a list of all Fixlet messages. You can filter this list by Fixlet name.

Relevant Fixlets: a list composed only of Relevant Fixlet messages. You can filter this list by Fixlet

name. Issue Assessment: a list of Fixlet messages (sorted by the Retrieved Properties you specify), showing

computer counts for relevance and remediation of each Fixlet. You can select individual Fixlet

messages to narrow the focus of your report. Issue Compliance: a list of Fixlet messages showing the status, including how long each Fixlet has

been relevant or whether it has been remediated. You can select individual Fixlet messages to narrow

the focus of your report.

Fixlet Progress: a list of individual Fixlets with a progress report on each. The number of computers affected and the deployment penetration are listed, along with the first date of detection. If the Action

has been successfully deployed, it will also list the average time it took to remediate the issue. You can

filter this report by Fixlet site and individual Fixlet messages. Task: a list of all tasks. You can filter this list by the name of the task.

Baseline: a list of all Baseline groups. You can filter this list by the name of the Baseline.

Action: a list of all Actions, including each one's Status and Sitename. For each Action there is a count of the number of computers targeted and the number fixed.

History: There are several options here:

Fixlet History: a graphical display / report of individual Fixlets with a progress report on each. The

number of computers affected and remediated are displayed graphically over a specified time period. You can choose the Fixlet site to include and specify a subset of Fixlets to filter the report.

Relevant Issue History: a graphical display / report of the number of relevant issues over time. This

chart shows how the size of your network is growing, as well as how many Fixlets have been targeted to them. The number of Fixlets that are relevant is charted (measured by the left axis), along with the

total number of computers connected to your network (measured by the right axis). You can specify the

time span for the report as well as the data-averaging period.

Average Relevant Issue History: a graphical display / report of the average number of Relevant Fixlets per computer over a specified time period. Since a Fixlet Action typically make a Fixlet no

longer relevant, this chart ought to show a decrease in relevant Fixlets as time goes on -- at least until

new Fixlets are issued. Unmanaged Assets: a list of your unmanaged assets, as defined by sources such as NMAP. You can

select a set of retrieved properties to include in your report.



Operators: a list of all BES Console Operators. You can filter this list by Operator name.

Hidden: a list of all hidden items, including Fixlet messages, Tasks, etc.

Advanced: a blank form for creating custom reports.

Most reports can be sorted by clicking on any field header in the report. Many can be further filtered by name,

helping to create shorter, individualized reports.

The Create section of BES Web Reports can be viewed at any time by launching Web Reports and then

clicking on Create from the toolbar at the top.

Web Reports: Advanced

The Advanced section of Web Reports lets you name, describe and categorize a custom report. A report like

this is actually code that generates a printable report. It typically consists of HTML with embedded Relevance commands. You can choose to make this report public or private. For more information, see the BigFix Web

Reports guide.

You can view the Advanced section of BES Web Reports at any time: launch Web Reports, click on Create

from the tabs at the top, then click on the Advanced > Blank Report button.

Web Reports: Database

The Database section of Web Reports allows you to add, delete, edit and validate your BES databases. It lets you adjust your cache settings as well as certain database options (including whether or not to evaluate

Relevance).

The Database section of BES Web Reports can be viewed at any time by launching Web Reports and then

clicking on Database from the toolbar at the top.

Web Reports: Email

The Email section of Web Reports allows you to establish your email SMTP server and default domain. Click

the Edit button to set up your email, and use the Test button to send a sample message to validate it.

The Email section of BES Web Reports can be viewed at any time by launching Web Reports and then

clicking on Email from the toolbar at the top.



Web Reports: Overview

The Overview section of Web Reports lets you view important metrics of your BES installation, including

Fixlet messages, actions, computers and vulnerability. There are several historical graphs, and you can select

any period you wish to view. Some of the charts include:

Total Issues: This chart sums and groups Fixlet messages by their severity rating.

Total Number of Computers: This chart shows the growth of your networked BES Clients over time, as of

last midnight.

Computer Vulnerability Status: This graph displays an interesting view of the overall health of your network,

grouping computers by their severity rating.

Issues Remediated: This graph displays issues that have been fixed over time, grouped by severity.

Beneath the graphs there are two other lists:

Overall Statistics: A high-level overview of your BES Network, including the number of Clients, Fixlet

messages, Tasks, Actions, Analyses, etc.

Top 10 Critical / Important Issues Detected: A list of encountered issues, their severity, the number of computers affected and their current state of remediation. You can click on any link in this list to view an

individual Fixlet report.

BES Web Reports Overview can be viewed at any time by launching Web Reports and then clicking on

Overview from the toolbar at the top.

Web Reports: Reports

The Reports section of Web Reports lets you view and manage previously saved reports. Each report you've

created and saved is listed here for you to review. Simply click on the title to generate a fresh report.

As with all reports, you can click on the headers to sort by any column in ascending or descending order. The

column headers include Name, Category and Creator.

The Reports section of Web Reports can be viewed at any time by launching Web Reports and then clicking on

Reports from the toolbar at the top.



Web Reports: Schedule

The Schedule section of Web Reports allows you to automatically generate Reports on a specified timetable.

Click the New button to add a report schedule. When you do, you will be presented with an interface that lets

you specify the details of the scheduled activity.

Set the starting time and expiration of this scheduled activity. This specifies the lifetime of this particular

scheduled report. There are several sections to help you define your scheduled activity:

Activity Report: Select the desired report from the pull-down menu and specify either HTML or CSV

as a format.

Activity Triggers: The activity can be scheduled on a regular basis or it can be triggered by a custom Relevance statement that you can enter and test in the text box. You can also specify that the activity

will be triggered whenever a report changes. It can be helpful to include the trigger information in the

report as well. The detection and notification will only be as fast as the refresh cycle of Web Reports, which is set to 20 minutes by default.

Activity Actions: Should you want to automatically inform yourself (or someone else) of a change in

the operating environment, check the Email box and enter the Email address of the recipient, along

with a subject line and accompanying text. You can send the report itself or just a link. If you want to Archive the report, select an appropriate folder on the server. You can also specify how long you wish

to keep the report in the archive and limit the size (by space or number of entries) of the archive.

Finally, you can run an Executable whenever the activity is triggered. The executable must be a shell program that runs in the background (without a UI). You can pass arguments to this program, including

the name of the activity and the creator, as well as the report itself. Click on the question mark after

Customized Executable for more information.

The Schedule section of BES Web Reports can be viewed at any time by launching Web Reports and then

clicking on Schedule from the toolbar at the top.

Web Reports: Users

The Users section of Web Reports allows you to list and add users to those who have permission to log into

Web Reports. Click the Add New User link, then specify the name, password and administrative rights you

want to allocate to this new user.

The Users section of BES Web Reports can be viewed at any time by launching Web Reports and then clicking

on Users from the toolbar at the top.

BES Console Guide Page 163 GLOSSARY


Glossary

action password—See BES signing password.

Analysis—A set of retrieved properties that can be used to organize and report on your network.

BES—See BigFix Enterprise Suite.

BES Client—Software installed on each networked computer to be managed under BES. The Client accesses a

pool of Fixlet messages, checks the computer it’s installed on for vulnerabilities, and sends the BES Server a

message when such a condition occurs.

BES Console—A management program that provides an overview of the status of all the computers with the

BES Client installed in the network, identifying which might be vulnerable and offering corrective actions.

BES database—A component of the BES system that stores data about individual computers and Fixlet

messages. The BES Server’s interactions primarily affect this database, which is a standard Microsoft product (SQL Server 2000 or 2005).

BES Generator Install folder—The directory on the installation computer where the Generator places the

installation files for the BES system.

BES Installation Generator—An application that creates installers for the core BES system components.

BES Relay—This is a BES Client (Win 2k, 2k3 or XP) that is running special server software. Relays spare

your server and the network by minimizing direct server-client downloads and by compressing upstream data. Relays are automatically discovered by BES Clients, which dynamically choose the best Relay to connect to.

BES Server—A collection of interacting applications (web server, database server, etc.) that coordinates the

relay of information to and from individual computers in the BES system. The server processes may be hosted

by a single server computer or segmented to run on separate server computers.

BES signing password—The password (specified when the BES system was installed) used by a BES Console

operator to sign an action for deployment. It is called the action password in the Console interface.

BES Site Administrator—The person in charge of installing BES and authorizing BES Console operators.

BES system install folder—The directory on the BES Server where the BES Server and related files (including

Console and Client installers) will be installed.

BigFix technology—A process that enables knowledgeable computer technicians to disseminate information about the causes of computer problems to BES Clients across a network and provide automatic solutions for

them.

BigFix Action Scripting Language—The language used for crafting action scripts. Action can be crafted in

different scripting languages, including AppleScript and Unix shells.

BigFix Enterprise Suite (BES)—A preventive maintenance tool for enterprises that monitors computers across

networks to find and correct vulnerabilities with a few simple mouse-clicks.

BigFix Relevance Language—The language in which relevance clauses are written.

DSA—Distributed Server Architecture. Multiple BES Servers are linked to provide full redundancy in case of

failure.

Fixlet message—A mechanism for targeting and describing a problematic situation on a computer and

providing an automatic fix for it.

BES Console Guide Page 164 GLOSSARY


Fixlet servers—Web servers offering Fixlet site subscriptions. They can be either internal to the enterprise

network or external to the network (if direct external web access is allowed).

Fixlet site—A trusted source from which the BigFix Client obtains Fixlet messages.

installation computer—A secure computer (separate from the BES Server computer) that hosts and runs the

BES Installation Generator.

Management Rights—Ordinary BES Console Operators can be limited to a specified group of computers.

These limits represent the management rights for that user. Only a BES Site Administrator or a Master Operator can assign management rights.

Master Operator—A BES Console Operator with administrative rights. A Master Operator can do almost

everything a BES Site Administrator can do, with the exception of creating new operators.

masthead—Files containing the parameters of the BES process, including URLs that point to where trusted

Fixlet content is available. The BES Client brings content into the enterprise based on subscribed mastheads.

Mirror server—A server required in the BES system if the enterprise doesn’t allow direct web access but instead uses a proxy server that requires password-level authentication.

Operator—A person who operates the BES Console. Ordinary operators can deploy Fixlet actions and edit

certain computer settings. Master Operators have extra privileges, among them the ability to assign

management rights to other operators.

signing password—See BES signing password.

SQL server—A full-scale database engine from Microsoft that can be acquired and installed into the BES

system to satisfy more than the basic reporting and data storage needs. A step up from MSDE.

standard deployment—A deployment of BES that applies to workgroups and to enterprises with a single

administrative domain. It’s intended for a setting in which all BES Client computers have direct access to a sin-

gle internal server.

Task—A special type of Fixlet message that can be used to establish corporate policy or maintain a common operating environment. You can create your own custom Tasks.

Throttling—A technique to limit bandwidth to accommodate shared users or thin connections. Throttling can

be static or dynamic.

Unmanaged Assets—A list of routers, printers and non-client computers that allows the BES Console to

extend coverage to these otherwise unmanaged devices.

Visualization—A tool for graphically analyzing your BES network data.

VPN—Virtual Private Network. An encrypted channel (or tunnel) that allows companies to extend their local-

area networks across the world by using an inexpensive Internet connection.

Web Reports—These reports can be collected from various BES Servers, providing a way to centrally

administer a set of separate networks.

BES Console Guide Page 165 INDEX


Index

A

Action

History · vi, 5, 11, 16, 22, 81, 93, 97, 98, 127,

150, 154

Summary · 57

Action Button · 5, 6, 131, 132

Action Document · vi, 80

Action Progress Report · vi, 82

Action Script · vi, 29, 31, 80, 83, 85, 113, 138, 139,

147, 148, 162

Action Script Type · 83, 113, 138, 139

Action Settings · vi, 83, 113, 115, 124, 135, 136,

137, 153

Action Success Criteria · 113

Action tab · 31, 84, 137

actions · 1, 2, 3, 6, 8, 9, 10, 11, 14, 16, 17, 18, 21,

22, 28, 29, 30, 31, 33, 35, 46, 49, 54, 57, 71, 73, 74, 75, 79, 81, 83, 84, 85, 93, 94, 95, 97, 98, 103,

107, 112, 113, 123, 124, 126, 127, 128, 132, 135,

137, 138, 139, 142, 149, 151, 157, 160, 162, 163

Actions Tab · vi, vii, 86, 97, 98, 113

activate · 44, 48, 90, 110, 116

Activate Analysis · 70

Activated By · 43, 88

Active Directory Path · 104, 106

Active Directory Structure · 155

Add Custom Setting · vi, 87

Add New · 15, 34, 133, 161

Add Property · 44, 109, 110

Administered Computers · vi, 46, 107

Administration · 46, 47, 64, 106, 117

administrator · 74, 142, 156

Affected Computer Count · 11, 17

afxm · 48

aggregate · 3, 52, 53

Aggregation · 52

alert · 135

All Analyses · 43, 45, 57

All Fixlets · 57, 158

All Operators · 57

All Unmanaged Assets · 57

AMD · 14

Analyses Tab · vi, 88, 99

Analysis Document · vi, 90

Apple · 83, 138, 139

AppleScript · 83, 113, 138, 139, 162

Applicable Computer Count · 11, 17, 22, 43, 88,

94, 96, 128, 151

Applicable Computers · vi, 5, 11, 16, 21, 42, 90, 91, 93, 127, 150

Applicable Tasks · vi, 17, 97, 98, 151

architecture · 155

archive · 52, 161

Arrange Icons · 78

assessment · 54

Asset ID · 68

Assign BES Relays Manually · 63, 119

Assign User Management Rights · vi, 47, 72, 91,

92, 107, 108, 109

Assignment · vi, 108

audit · 2, 3, 9, 32, 45, 109, 157

authenticate · 163

authentication · 29, 35, 106, 163

authorize · 47, 49, 81, 95

Average Relevant Issue History · 57, 158



B

bandwidth · 19, 32, 61, 63, 64, 65, 117, 124, 140,

163

Baseline · vi, vii, 10, 21, 22, 23, 24, 25, 28, 54, 57, 60, 69, 71, 72, 74, 81, 83, 84, 91, 92, 93, 94, 95,

96, 97, 98, 99, 110, 111, 112, 113, 114, 115, 116,

117, 118, 119, 128, 130, 138, 139, 141, 152, 154, 158

Baseline Document · vi, 93

Baselines Tab · vi, 94, 99

BBS · 143

BES

Client · 2, 3, 5, 6, 11, 12, 13, 14, 17, 18, 19, 22,

23, 24, 26, 27, 28, 29, 31, 32, 33, 34, 35, 36, 37, 40, 42, 43, 44, 45, 48, 50, 56, 59, 61, 62,

63, 64, 65, 66, 68, 69, 73, 74, 75, 76, 80, 81,

84, 88, 90, 94, 102, 104, 105, 106, 118, 119,

121, 122, 124, 128,馴130, 132, 133, 135, 136,

140, 142, 145, 147, 148, 149, 151, 153, 154,

155, 160, 162, 163

Console · iii, vi, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13,

14, 15, 16, 17, 18, 19, 21, 22, 23, 24, 25, 27,

29, 34, 35, 36, 43, 44, 46, 47, 49, 53, 55, 57, 62, 67, 68, 69, 70, 73, 74, 75, 76, 78, 79, 80,

81, 84, 88, 90, 91, 93, 95, 96, 98, 100, 106,

107, 108, 109, 111, 113, 116, 117, 118, 119,

120, 121, 126, 128, 129, 130, 131, 132, 133, 135, 136, 137, 140, 141, 147, 148, 149, 150,

152, 153, 157, 159, 162, 163

database · 162

Generator Install folder · 162

Installation Generator · 162, 163

Relay · v, 3, 4, 60, 61, 62, 63, 64, 65, 71, 119,

121, 124, 142, 155, 162

Server · v, 1, 3, 4, 19, 27, 30, 52, 53, 61, 62, 63,

64, 66, 75, 77, 119, 130, 140, 142, 154, 162,

163

signing password · 162, 163

Site Administrator · 163

system install folder · 162

BES Administrator's Guide · 53

BES Relay structure · 155

BES Server · 162

BigFix · i, 1, 2, 3, 4, 5, 7, 13, 14, 15, 18, 20, 23, 24,

26, 30, 31, 32, 36, 38, 39, 42, 48, 50, 53, 55, 61,

68, 76, 77, 78, 79, 83, 113, 118, 119, 124, 130,

136, 138, 139, 143, 145, 157, 159, 162, 163

Action Scripting Language · 162

Enterprise Suite (BES) · 162

Relevance Language · 162

BigFix Action Script · 18, 83, 113, 138, 139, 162

BigFix Enterprise Suite (BES) · 162

BigFix Sites · 48

BIN · 162

Bios · 14

bottleneck · 61

bsd · 83, 138, 139

bulletin · 143

By Retrieved Properties · 32

C

cache · 19, 64, 65, 141, 159

Cache options · 141

caching · 64, 69, 77, 141

cancellation · 137

Cascade · 78

categories · 12, 17, 19, 22, 28, 29, 33, 36, 40, 43,

56, 117, 158

categorize · 56, 159

Category · 11, 17, 19, 24, 28, 112, 116, 117, 122, 128, 136, 151, 160

Change Password · 96

change the locked status · 35

charted · 33, 158

charts · 3, 53, 160

checkbox · 35, 50

child · 60



chunks · 33, 41

Client · iv, 3, 10, 14, 26, 27, 28, 31, 32, 35, 36, 37,

42, 50, 66, 72, 73, 82, 98, 104, 105, 110, 140, 145, 147, 148, 162, 163

Client Computers · iv, 32, 140

Client Dashboard · iv, 36

clipboard · 70, 86, 88, 95, 103, 106, 109, 128, 152

clock · 14, 35

clone · 12, 18, 23, 71, 114, 116, 122, 133

Close All · 78

collect · 33, 50

color · 3, 60, 140, 154, 158

Colorization · viii, 60, 140, 154, 155, 156

Colorize · 154

colors · 56, 140, 154

column · 5, 11, 16, 17, 21, 22, 32, 33, 36, 42, 43,

57, 58, 75, 86, 88, 91, 94, 96, 98, 102, 105, 109, 110, 120, 128, 131, 132, 133, 151, 160

comfortably · 136

Comments · vi, vii, 29, 75, 85, 96, 98, 100, 142

compiles · 63, 142

compiling · 61

compliance · 2, 5, 24, 32, 54, 57, 130, 154

compress · 3

Computer Document · vi, 98

computer group · 5, 41, 50, 73, 91, 102, 103, 110,

145

Computer Group Document · vi, 100

Computer Groups Tab · vi, 102

Computer Name · 32, 37, 104, 105, 145

Computer Properties · 56, 158

Computer Settings · 35, 87, 122

Computers · iv, v, vi, viii, 5, 12, 17, 22, 26, 29, 32,

33, 34, 35, 36, 40, 41, 43, 50, 56, 60, 62, 63, 73, 79, 80, 85, 87, 91, 96, 97, 98, 99, 101, 103, 104,

105, 106, 107, 118, 120, 125, 130, 134, 142, 149,

154, 155, 156, 158, 160

Computers Tab · vi, 99, 101, 105

concatenation · 33, 59, 155

conditionally · 73

configuration · 3, 46, 62, 73

configure · 64

confirmation · 31, 135, 140

Connect to Database · vi, 106

Connections · 61

connectivity · 30

Console · i, vi, 1, 3, 4, 5, 13, 14, 17, 19, 22, 25, 30, 33, 35, 43, 44, 45, 46, 47, 50, 67, 68, 69, 73, 74,

79, 81, 88, 89, 91, 92, 95, 96, 103, 107, 108, 109,

128, 130, 131, 132, 140, 141, 144, 149, 152, 162, 163

Console Operator Document · vi, 107

Console Operators · vi, 5, 46, 47, 50, 73, 92, 107,

108, 109, 131, 163

Console Operators Tab · vi, 108

context · 5, 24, 40, 65, 87, 88, 94, 95, 103, 105,

106, 111, 114, 127, 131, 136, 141, 151, 152

CPU · 14, 32, 56, 62, 104, 105

Create Analysis · vi, vii, 44, 109, 110

Create Automatic Computer Group · vii, 110

Create Baseline · 57

Create Custom Copy · 12, 18, 23, 95, 103, 114,

115, 117, 122, 128, 152

Create Custom Object Copy · 71

Create Custom Site · vii, 50, 111, 134

Create New Analysis · 44, 74, 89, 109, 110

Create New Fixlet Message · 12, 74, 116, 117

Create New Task · 18, 74, 122, 152

Creation Time · 68

credentials · 107, 108, 109

CSV · 54, 58, 157, 161

Custom Setting · 120, 143

Custom Settings · 120



customize · 2, 12, 13, 14, 18, 23, 26, 28, 31, 36, 42,

44, 56, 71, 83, 84, 91, 95, 103, 113, 114, 115,

116, 117, 121, 122, 128, 133, 136, 140, 147, 148, 152, 154, 155, 156, 158

CVE · 13, 18, 19, 23, 24, 117

D

Dashboards · v, 36, 60, 76, 111

database · 3, 35, 36, 46, 52, 53, 58, 72, 74, 86, 88,

89, 95, 106, 128, 141, 152, 157, 158, 159, 162,

163

datasets · 33

Deactivate · 70, 89

Deactivate Analysis · 70

Delete Action · 72, 87

Delete Preset · 31, 83, 146, 147, 156

delimit · 155

delimiter · 59, 155

department · 5, 21, 32, 40, 46, 48, 92, 107, 108, 143, 157

deploy · 5, 6, 10, 16, 21, 29, 31, 48, 77, 83, 87, 109,

112, 114, 116, 121, 122, 131, 138, 139, 148, 149, 163

deployment · 4, 8, 11, 12, 13, 18, 19, 21, 23, 24, 27,

28, 30, 46, 65, 75, 76, 79, 81, 84, 95, 113, 118, 128, 130, 136, 147, 148, 149, 150, 154, 158, 162,

163

descending · 88, 94, 102, 105, 109, 128, 151, 160

Description tab · 5, 10, 16, 29, 40, 42, 64, 100, 112, 116

deselect · 131

designate · 61, 63

desktop · 53, 55, 157

developers · 79

Directory · 59, 60, 104, 106, 155, 156

disconnected · 61

discovery · 61, 119

disposition · 84

Distributed Server Architecture · 162

DNS · 38, 68

DNS Name · 38, 68

Document Area · 5, 131

Document tabs · 5, 131

Domain · 68, 153

Download Mastheads · 48

Download Size · 11, 17, 19, 24, 112, 116, 117, 122,

128, 151

DSA · 162

dynamic bandwidth throttling · 65

E

Edit Computer Settings · vii, 35, 62, 63, 65, 71, 87,

91, 106, 119, 120, 121, 122, 124, 135, 143, 149, 153

Edit Custom Analysis · 44, 109, 110

Edit Custom Object · 71

Edit Menu · v, 70

Edit Multiple Computer Settings · 142

Edit Script Element · vii, 119

efxm · 48

eligible · 51

Enter Private Key · vii, 122

environment · 2, 3, 10, 21, 65, 114, 161, 163

Evaluate every · 110

Excel · 53, 56, 76

Execution tab · 28, 29, 85, 123, 149

expiration · 9, 27, 29, 30, 35, 82, 85, 141, 146, 147, 149, 161

expire · 123

export · 3, 45, 53, 69, 87, 133, 157

Export to CSV · 54, 58, 157

extension · 48

extensive · 15



F

feedback · 49, 143, 153

File Menu · v, 69

Filter · 5, 6, 30, 54, 55, 56, 58, 131, 132, 157

Filter Panel · 5, 6, 131, 132

Filter Report · 54, 58, 157

finalize · 47

find · 162

Find · vii, 72, 115, 125

fix · 3, 8, 10, 14, 16, 21, 28, 29, 30, 146, 162

Fixlet

message · 162, 163

servers · 163

site · 163

Fixlet Document · vii, 126

Fixlet List · 140

Fixlet Message · iii, vii, 5, 6, 7, 10, 11, 12, 13, 73,

96, 104, 116, 125, 127, 130, 131, 132, 154

Fixlet Messages · iii, 5, 6, 7, 10, 11, 12, 13, 73, 96,

104, 125, 127, 130, 131, 132

Fixlet messages Tab · vii, 101, 127

Fixlet Progress · 57, 158

Fixlet Subscriptions · 48

flag · 103

floor · 59

frequency · 30, 49, 143

frozen · 149

function · 149

G

GatherURL · 143

gauge · 2, 60

geographic · 77

GHZ · 62

gigabyte · 65

global · 13, 19, 25, 45, 130, 154

Globally Hide

Analysis · 45

Object · 70

Task · 152

Globally Unhide

Object · 70

Task · 152

graph · 3, 56, 60, 155, 158, 160

graphical · 32, 52, 55, 57, 59, 154, 155, 156, 157,

158

graphs · 2, 3, 76, 160

groupings · 11, 17, 22, 43, 54, 57, 107, 155

H

hardware · 34, 42, 48, 62, 143

headers · 5, 11, 16, 21, 22, 32, 33, 36, 42, 43, 68,

75, 81, 86, 91, 98, 103, 131, 132, 142, 160

headings · 33, 88, 94, 102, 105, 109, 128, 151

heartbeat · 69, 140

Help for the BES Console · vii, 129

Help Menu · v, 78

hidden · 13, 19, 25, 45, 54, 58, 72, 95, 125, 128,

152, 159

hierarchy · 4, 59, 60, 65, 75, 104, 106, 155, 156

Highlight · 110

historical · 54, 57, 160

HKEY · 14

hops · 62, 64, 65

HTML · 10, 15, 16, 18, 21, 23, 24, 28, 36, 37, 42,

58, 75, 80, 84, 90, 93, 109, 116, 122, 127, 130, 136, 141, 150, 154, 157, 159, 161

hyperlink · 6, 11



I

icon · 5, 35, 119, 136, 141

ID · 10, 11, 13, 17, 18, 19, 22, 23, 24, 81, 86, 94,

104, 106, 117, 128, 141, 151

identifier · 86

IDs · 68

IE · 14, 104, 105

iexplore · 14

input · 1, 30, 70, 75, 77, 87

inquiry · 94, 102, 105, 127, 151

inspect · 6, 10, 14, 16, 26, 49

Inspector · 13, 18, 23, 24, 31, 33, 118

Inspector Guide · 31, 33, 118

inspects · 3

Install · iii, 3, 15, 32, 33, 46, 62, 64, 153, 162, 163

Install BES Relay · 64

installation · 162, 163

instructed · 61

instructions · 1, 67

Intel · 14

interactive · 135

interface · 1, 2, 9, 18, 28, 29, 30, 32, 36, 50, 51, 53,

67, 74, 84, 85, 114, 129, 131, 133, 136, 140, 144,

145, 153, 156, 157, 161, 162

Internet · 3, 4, 14, 104, 105, 157, 163

inventory · 9, 44, 45, 157

IP · 21, 40, 60, 67, 68, 133, 155

IP Address · 60, 67, 68, 133

IP Address Structure · 155

Issue Assessment · 57, 158

Issue Compliance · 57, 158

Issued Actions · vi, 46, 107, 108

Issued By · 86

K

key · 12, 13, 14, 18, 19, 23, 24, 34, 35, 44, 45, 48,

67, 70, 75, 81, 96, 130, 153

keywords · 96

kilobytes · 64

L

LAN · 61, 72, 106

laptops · 62

Last Login Time · 46, 103, 109

Last Report Time · 104, 105

latency · 140

launch · 13, 19, 25, 56, 159

Launch Web Report · vii, 45, 53, 55, 56, 75, 130,

154, 157

Launch Web Reports · vii, 45, 53, 55, 56, 75, 130, 154, 157

leaf · 156

Libraries · 13, 18, 23, 24

license · 48

licensing · 44, 45, 49, 134

Limit to XX reapplications · 124

linux · 83, 138, 139

List Panel · 5, 6, 131, 132

listings · 19, 24, 32, 33, 75

load · 37, 38, 61, 63, 84, 123, 124, 141, 156

Locally Hide

Analysis · 45

Fixlet Message · 13

Object · 70

Task · 19, 152

Locally Unhide

Object · 70

Task · 152

lock · 35, 83, 84, 113, 119, 142



Login · 27, 55, 56, 82

lookup · 77

lowercase · 14, 42

M

MAC · 68

MAC Address · 68

Macintosh · 2, 113

Main Console Window · vii, 130

Main Tabs · 5, 6, 130, 132

maintenance · 162

Manage Properties · vii, 15, 32, 34, 36, 44, 75, 132, 133

Manage Sites · vii, 48, 49, 50, 51, 75, 111, 134,

144, 145

Management · iv, vi, 46, 47, 92, 98, 103, 108, 163

management rights · 163

Management Rights · iv, vi, 46, 47, 92, 98, 103,

108, 163

managers · 1, 46, 107

Manual Computer Groups · iv, vii, 41, 99, 100, 134

master · 1, 7, 13, 19, 25, 45, 51, 109

Master Operator · 44, 46, 47, 49, 51, 103, 109, 132,

143, 144, 163

masthead · 163

Masthead · 48

maximum · 63, 64, 65, 158

megabytes · 65

menu · 1, 2, 5, 6, 9, 10, 11, 12, 13, 16, 17, 18, 19, 21, 22, 23, 24, 25, 28, 30, 32, 33, 34, 35, 36, 40,

41, 42, 44, 45, 47, 48, 49, 50, 51, 56, 60, 62, 63,

64, 65, 71, 72, 73, 74, 80, 83, 86, 87, 88, 89, 90, 92, 93, 94, 95, 96, 98, 100, 102, 103, 105, 106,

107, 108, 109, 110, 111, 113, 114, 115, 116, 117,

118, 119, 120, 122, 125, 126, 127, 128, 129, 130,

131, 134, 136, 138, 139, 142, 143, 146, 147, 150, 151, 152, 154, 155, 156, 161

Message

tab · 135

Title · 135, 137

metrics · 157, 160

mhz · 32

minutes · 2, 110, 124, 133, 137, 140, 161

Mirror server · 163

modifications · 12, 18, 23

monitor · 1, 27, 32, 42, 44, 46, 52, 68, 109, 132,

136, 152

months · 76

More Options · 120

mouse · 2, 10, 28, 32, 45, 73, 114, 162

MSDE · 163

N

Navigation Bar · vii, 5, 6, 7, 9, 12, 53, 55, 64, 74,

129, 130, 132, 136, 154

Nessus · 57, 68, 152

notepad · 86, 88, 103, 106, 109, 128

Numbered Windows · 78

numeric · 11, 17, 22, 86, 87, 94, 128, 151

O

offers · 7, 52, 69, 70, 73, 74, 78, 154

Office · 59

offline · 140

offload · 3

oldest · 75

online · 129

Open Action Count · 11, 17, 22, 94, 128, 151

Open File · 48, 141

Open Source Fixlet Message · 86

operator · 1, 3, 4, 6, 13, 19, 25, 35, 40, 42, 43, 45,

46, 47, 51, 57, 62, 74, 81, 88, 89, 91, 92, 103, 104, 107, 108, 109, 119, 125, 129, 132, 135, 137,

144, 149, 162



organization · 3, 17, 49, 92, 107, 151

OS · 32, 34, 37, 38, 41, 67, 68, 85, 100, 104, 105,

111, 118, 125, 158

Outgoing · 64

output · 33, 38, 39, 52, 53, 56, 157

overnight · 153

P

packed · 7

parse · 155

password · 12, 13, 18, 19, 23, 24, 29, 34, 35, 41,

44, 45, 48, 50, 54, 69, 70, 71, 81, 84, 95, 96, 106, 111, 122, 147, 148, 161, 162, 163

Paste · 70

patch · 2, 9, 11, 17, 63, 76, 77, 111, 112, 128, 151, 156

patented · 2

Path

Retrieved Property · 155

Separator String · 155

paths · 155

payroll · 143

pending · 81

Pentium · 14, 33

performance · 1, 33, 61, 64

periodically · 4, 141

persistent · 16, 40, 69

personnel · 2, 46, 81, 122

pointers · 96, 97, 115

policy · 2, 44, 45, 55, 65, 73, 74, 88, 109, 124, 141,

157, 163

popular · 113

postponement · 137

predefined · 32, 33, 36, 77, 104

preferences · 6, 69, 156

Preferences · vii, 6, 69, 74, 140, 141

prepackaged · 83

preset · 30, 31, 38, 83, 146, 147, 156

prevention · 162

preventive · 32, 162

Primary BES Relay · 63, 142

Primary Relay Server · 119

Printable Version · 54, 58, 157

printing · 2, 36, 37, 45, 52, 53, 54, 58, 68, 152, 153,

157, 163

Private Key · vi, 96

privileges · 51, 57, 109, 163

processor · 14, 32, 98

prompt · 18, 24, 135, 140

propagate · 10, 34, 35, 41, 50, 64, 71, 81, 110, 111

properties · 2, 3, 5, 9, 10, 13, 14, 15, 16, 18, 19, 21,

23, 24, 26, 31, 32, 33, 34, 36, 40, 41, 42, 44, 45,

49, 54, 56, 57, 59, 73, 74, 75, 91, 94, 98, 100, 101, 102, 103, 104, 105, 107, 108, 109, 110, 111,

112, 114, 116, 117, 122, 124, 127, 130, 132, 133,

134, 141, 143, 144, 145, 147, 148, 149, 150, 151, 155, 158, 162

Properties tab · 110, 117

Property name · 14

proxy · 163

pvk · 81

R

RAM · 38, 62, 104, 105

reapply · 85, 124, 147

rearrange · 5, 131

reconnected · 61

redefine · 103

redundant · 162

reevaluated · 97, 103, 104, 149

refine · 28, 56, 71

Reformats · 54, 58, 157



refresh · 37, 38, 69, 106, 140, 161

registration · 14

registry · 14, 34, 67, 73, 88, 112

relationships · 42, 59

Relay · 3, 19, 42, 61, 62, 63, 64, 66, 98, 104, 105,

142, 162

Relevance · iii, vii, 6, 10, 13, 14, 15, 16, 18, 20, 21, 23, 24, 26, 27, 29, 31, 32, 33, 34, 36, 37, 39, 40,

42, 44, 45, 58, 60, 71, 75, 80, 82, 85, 90, 91, 93,

97, 100, 101, 104, 109, 110, 111, 112, 114, 116, 118, 122, 127, 133, 134, 140, 141, 146, 150, 154,

159, 161, 162

Relevance Expression · iii, 6, 14, 15, 20, 32, 34, 104, 111, 118, 133, 141

Relevance tab · 118

relevant · 3, 4, 5, 6, 7, 9, 11, 13, 15, 17, 19, 20, 22,

25, 27, 28, 29, 30, 34, 35, 43, 53, 54, 56, 57, 73, 74, 82, 85, 88, 92, 94, 97, 98, 104, 111, 118, 124,

127, 128, 130, 135, 147, 149, 151, 158

Relevant Fixlet Messages · vi, 5, 7, 57, 98, 104, 131, 158

Relevant Issue History · 57, 158

Relists · 70

remediation · 9, 10, 11, 17, 26, 27, 32, 53, 55, 67, 128, 137, 151, 157, 158, 160

Remove

Computer · 36, 41, 71

Computer From Database · 71

Custom Object · 71

from Database · 36

Remove Property · 45, 110

Remove Site · 49, 134

rename · 83, 133, 146, 147

reopen · 130

repeatedly · 124

Report Type · 56

Reported Computers · 26, 80

representation · 154, 155

requirements · v, 19, 62, 85, 117, 144

responsible · 46, 96

responsiveness · 6, 19, 46, 63

Restart Action · 30, 72, 87

retrieved properties · 2, 14, 15, 32, 33, 36, 44, 47,

54, 56, 73, 89, 90, 91, 107, 111, 118, 121, 124,

141, 142, 147, 148, 155, 159, 162

Retrieved Properties · 54, 56, 60, 154, 155, 156,

158

retry · 31, 84, 124, 147, 148

Reverse Path Hierarchy · 155

revoke · 47, 72

Rollback · 77

routers · 68, 152, 153, 163

Run between · 123

Running Client · 68

S

safest · 149

SANS · 13, 18, 19, 23, 24, 117

Save Preset · 31, 83, 146, 147, 156

scope · 1, 13, 19, 21, 25, 42, 45, 91, 118

secondary · 56, 95, 119, 142

Secondary BES Relay · 142

Secondary Relay Server · 119

secure · 6, 163

security · 2, 3, 10, 11, 17, 44, 45, 48, 114, 128, 151

Select All · 70, 86, 88, 95, 103, 106, 109, 128, 152

Send Refresh · 72, 106

separator · 155

Server · 162

Servers · v, 19, 61, 76, 163

service · 68, 124

session · 6, 7, 132, 141



Settings · iii, vii, 19, 32, 35, 64, 83, 98, 104, 105,

113, 119, 121, 142

setup · 3, 31, 147, 148

Severity · 112, 116, 122

sh · 83, 113, 138, 139

sheet · 3, 38

shell · 83, 113, 138, 139, 161

shortcut · 72, 74, 136

Show Action Info · 71, 87, 154

Show all computers · 60, 155

Show only personal presets · 30, 83, 146, 147, 156

Show Status Bar · 74

shutdown · 84, 137, 147, 148

signing password · 162, 163

Single Retrieved Property status · 56

Site Properties · v, vii, 49, 50, 111, 134, 143

Source ID · 11, 17, 19, 24, 117, 128, 151

Source Name · 68

Source Release Date · 11, 17, 117, 128, 151

Source Severity · 5, 8, 11, 17, 19, 24, 117, 128, 131, 151

specialists · 92

specifically · 9, 29, 48, 121

spreadsheet · 54, 58, 157

SQL · 162, 163

server · 163

stamp · 80, 86, 90, 96

standard deployment · 163

standardized · 2

static · 34, 149, 163

statistics · 53, 54, 60, 76, 111

Stop Action · 30, 72, 87

subgroups · 147, 148

subnet · 63, 77

subscription · 48, 49, 143, 145

subtype · 56

Suite · i, 162

sum · 158

summation · 56, 158

system · 162, 163

T

Take Action · vii, 8, 28, 29, 30, 64, 65, 83, 84, 85, 86, 91, 124, 135, 136, 137, 146, 147, 149, 153

Take Default Action · 28, 71, 95, 128, 138, 139,

147, 148, 152

Target tab · 29, 85, 149

Task document · 20, 102, 150, 152

Task Document · vii, 150

Task Properties · 16

Tasks Tab · vii, 102, 151

technician · 61

The BES Client · 163

The BES Server · 162

Throttle · 163

throttling · v, 19, 64, 65, 163

Tile · 78

Time Activated · 43, 88

Time Issued · 30, 86

timeline · 57

toggle · 13, 19, 25, 74

Tools Menu · v, 74

topology · 62

trail · 2, 3, 9

trigger · 26, 84, 110, 111, 118, 149, 161

truncated · 32

trusted · 163

tunnel · 163

tutorial · 129



U

unattended · 27

undock · 62

unhide · 13, 19, 25, 45, 70

Unix · 83, 138, 139

unlock · 35, 84, 142

Unmanaged · v, vii, 54, 57, 67, 68, 73, 131, 152, 153, 159, 163

Unmanaged Assets · v, vii, 54, 57, 67, 68, 73, 131,

152, 153, 159, 163

unpatched · 59, 156

unsubscribe · 35, 49, 71, 106, 134, 136, 143, 145

Update Frequency · 143

upgrade · 9, 49, 134, 135

upload · 63

upstream · 61, 162

User name · 55, 56, 106

User Name · 56, 104, 105

users · 2, 9, 13, 19, 21, 25, 26, 29, 31, 45, 46, 54,

57, 73, 84, 87, 89, 95, 103, 106, 113, 128, 133,

135, 136, 147, 148, 149, 152, 153, 157, 161, 163

V

vendor name of processor · 14

vertical · 5

View Action Info · vii, 154

View Web Reports · viii, 154

viewpoint · 60

visibility · 58, 72, 125, 144

Visit · 78

Visualization · 163

Visualization Parameters · viii, 60, 154, 155

Visualization Tool · viii, 3, 10, 32, 59, 60, 75, 155,

156

VPN · 4, 61, 163

vulnerability · 3, 4, 28, 53, 157, 160, 162

vulnerable · 162

W

Web Reports · v, viii, 3, 10, 19, 24, 32, 33, 44, 45,

52, 53, 54, 55, 56, 58, 130, 152, 154, 157, 158,

159, 160, 161, 163

Web Reports Server URL · 55

Website · 15, 143

winword · 14

Wizard · v, 77, 136, 141

Location Property · 77

Software Distribution · 77

workflow · 7, 9

workgroup · 62

workstation · 62

X

XP · 162

bigfix enterprise suite (bes)support.bigfix.com/product/documents/bes_console... · of the various...

Documents